GET A DEMO
See why 9,000+ companies trust Darktrace
Thanks, your request has been received
A member of our team will be in touch with you shortly.
YOU MAY FIND INTERESTING
Five Key Takeaways from Black Hat 2023
Hives & Frankensteins: The Half-Year Threat Report
Oops! Qualcosa è andato storto durante l'invio del modulo.
Darktrace Glossary>Cryptojacking

What is Cryptojacking?

CONTENTS

How is cryptojacking different from cryptocurrency mining?

Cryptojacking is the unauthorized use of a computer or device’s processing power to mine cryptocurrencies, often without the owner’s consent or knowledge. Cryptojacking is considered a form of cybercrime.

In contrast, traditional cryptocurrency mining is a legitimate process where miners invest their own hardware and resources to voluntarily mine cryptocurrency.

How do cryptocurrency mining cryptojacking relate?

Cryptocurrency mining is the process of validating and recording transactions on a blockchain through complex mathematical computations. Miners use their computational power to solve these cryptographic puzzles, and in return, are rewarded with cryptocurrency.  

With the most popular cryptocurrency Bitcoin reaching a peak of $66,000 in 2021, crypto mining can be extremely lucrative. However, the mining process typically consumes large amounts of computational power and electricity, drastically increasing the costs of mining.  

As such, cryptojackers essentially steal computing and energy resources for mining to reduce their costs and increase their “profits” earned from cryptocurrency mining. In 2022, it was estimated that cryptojackers used $53 worth of system resources for every $1 that was mined.

How does crypto mining work?

Cryptocurrency is a form of digital currency that is based on the principles of complex mathematical encryption. They are transacted on a decentralized distributed ledger known as a blockchain.

Without a centralized governing body, transactions made on the blockchain have to be approved by miners who solve cryptographic puzzles to validate them. This process is known as “crypto mining” and requires a large amount of computational power. Thus, the first miner to solve the puzzle is rewarded with cryptocurrency for their efforts.

The primary components of crypto mining include:

Blockchain

The underlying distributed ledger technology where transactions are recorded and validated.

Mining software

Specialized software that connects miners to the cryptocurrency network and manages mining tasks.

Mining hardware

Devices equipped with powerful CPUs, GPUs or ASICs (Application-Specific Integrated Circuits) for efficient computations.

Mining pool

Miners can join mining pools to combine resources and share rewards, reducing their variance in earnings.

Cryptocurrency wallet

A digital wallet to store and manage earned cryptocurrencies.

What are the typical signs of cryptojacking?

Common signs of cryptojacking include:

  • Reduced performance: Device has unusually slow performance, is overheating, has increased fan activity, or faster battery drainage.
  • Increased energy consumption: Device is consuming more electricity than usual which may also lead to increased electricity bills.
  • Elevated CPU/GPU usage: Monitoring Task Manager or Activity Monitor may reveal unusually high CPU/GPU utilization. Applications or software may also crash more frequently due to excessive CPU/GPU usage.

What are security risks associated with cryptocurrency mining?

Cryptocurrency mining can also be done on mobile devices through Android applications. However, there are certain risks associated with cryptocurrency mining:

Battery drain and overheating

Continuous mining can rapidly deplete a device’s battery and cause overheating, potentially damaging the hardware.

Data privacy concerns

Applications may be able to access data and information from the device or other applications.

Embedded malware

These applications or software may also contain malware.

Fraud and scams

Some applications are fake and aim to scam users by making them pay a fee to “mine cryptocurrency”.

How do cryptojackers compromise devices for mining and what resource is often compromised?

Cryptojackers often compromise a device’s CPU/GPU power through:

Browser injections

Inject Javascript-based cryptojacking scripts into websites which run when users visit the website.

Phishing attacks

Trick users into downloading mining software through phishing emails.

Supply chain attacks

Attackers can embed cryptomining scripts into open-source code repositories.

Unsecure cloud infrastructure

Cryptojackers can hijack cloud infrastructure which may have exposed APIs or allow unauthenticated access.

Certain cryptojacking malware also have worm-like propagation capabilities, allowing the malware to move laterally through the network and infect even more devices to be exploited for cryptomining.

What is the significance of anti-mining VPNs in preventing cryptojacking attacks?

Anti-mining VPNs are designed to detect and block connections to known cryptojacking servers and websites. They help prevent cryptojacking by blocking the communication channels between the victim device and the attacker’s mining pool, thus stopping the unauthorized use of resources.

What methods and techniques do cryptojackers employ to evade detection?

Cryptojackers employ various evasion techniques, such as:

Fileless Malware

Avoiding traditional file-based detections.

Encrypted traffic

Encrypt mining traffic to bypass network detection features.

Mining pool proxy

To hide the actual mining pool destination.

Who are common targets for cryptojacking? How can individuals and organizations protect themselves from cryptojacking?

Cryptojacking attacks commonly target:

Websites

Cryptojackers are able to inject mining scripts into poorly secured websites, which will mine cryptocurrency within the user’s browser when the website is visited.

End-user devices

Devices such as laptops, desktops, smartphones, and IoT devices can be targeted by cryptojackers for their computing power.

Cloud infrastructure

Cryptojackers are also taking advantage of the scalability of cloud instances.

Protection from such attacks involves:

Security software

Use anti-virus and anti-malware software which may be able to detect and remove any unwanted programs.

Ad-blockers

Block malicious ads that host mining scripts.

Regular updates and patches

Keep software and operating systems updated to prevent exploitation of known vulnerabilities. For example, Darktrace DETECT identified a crypto-mining campaign which exploited a Log4j vulnerability.

Security awareness and training

Educate users to recognize phishing emails and avoid clicking on links or downloading attachments from such emails.

How can security solutions help detect and mitigate cryptojacking attempts?

Security solutions can:

Anti-malware software

Scan for and remove cryptojacking malware.

Block malicious domains

Prevent communication with known cryptojacking servers

Behavioral analysis

Identify unusual patterns indicative of cryptojacking. In 2022, Darktrace DETECT observed anomalous activity from a device during a cryptojacking attack.

Email security gateways

Email security solutions such as Darktrace/Email can help to stop phishing attempts in their tracks, preventing cryptojacking malware from being downloaded on to devices.

Vulnerability management

Alert security teams of known vulnerabilities that should be patched.

Related glossary terms

Si tratta di un testo all'interno di un blocco div.

Featured Resources

View all resources
Scheda tecnica
Perché Darktrace?
Blog
Building for the AI Attack Era
Blog
Using AI to Help Humans Function Better During a Cyber Crisis
Libro bianco
A CISO's Guide to Incident Management