Cryptojacking (also called malicious cryptomining) is an emerging online threat that hides on people’s devices (computers, smartphones, tablets or even servers), without their consent or knowledge, and uses the machine’s resources to secretly mine cryptocurrencies. Cryptocurrency is a form of digital money that exist only in the online world, with no actual physical form. Users can “mine” it on their computer by using special programs to solve complex, encrypted math equations in order to gain a piece of the currency. Coin mining on your own can be a long, costly endeavor. Elevated electricity bills and expensive computer equipment are major investments and key challenges to coin mining. The more devices you have working for you, the faster you can “mine” coins. Because of the time and resources that go into coin mining, cryptojacking is attractive to cybercriminals. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code directly on the computer like classic malware through phishing-like tactics (device-based cryptojacking), or by infecting a website or an online AD with JavaScript code that auto-executes once loaded in the victim’s browser (browser-based cryptojacking). Like most other malicious attacks on the computing public, the motive is profit, but unlike many threats, it’s designed to stay completely hidden from the user. It works in the background as unsuspecting victims use their computers normally. No code is stored on the victims’ computers. The only sign they might notice is slower performance or lags in execution. The crypto mining code runs surreptitiously and can go undetected for a long time.
No one knows for certain how much cryptocurrency is mined through cryptojacking, but there’s no question that the practice is rampant. The simple reason why cryptojacking is becoming more popular with hackers is more money for less risk. “Hackers see cryptojacking as a cheaper, more profitable alternative to ransomware,” says Alex Vaystikh, CTO and cofounder of SecBI.
References:
How to Detect, Prevent, and Recover from Cryptojacking in 2019
Cryptojacking : How Hackers Are Mining Cryptocurrencies Without Your Knowledge
Manuela Bazzarelli
3rdPLACE