Some cryptocurrencies are mineable, meaning that people can choose to expend their computational resources to secure the operation of the blockchain and earn newly created coins in exchange; the coins can later be traded on crypto exchanges for traditional currencies like USD. This requires the purchase, setup and maintenance of specialized equipment and significant expense of electrical power, all of which eat into the profit made from selling the mined coins.

Instead of participating in fair competition, an unscrupulous hacker may choose to mine cryptocurrency by hijacking the computational resources of other people, a practice known as cryptojacking.

Cryptojacking can be performed in multiple different ways, but there are two most popular ones. The first way is via a trojan — a malicious program that gets installed onto a computer without the owner’s knowledge or consent by, for example, clicking on an email link or attachment. The program then keeps running on the host computer, consuming its resources, while the profits go to the hacker.

The other popular option is the so-called “drive-by” cryptojacking, which is performed online via malicious JavaScript code on web pages that are either owned by the hackers outright or have been compromised by them.

Cryptojacking leads to increased consumption of its victims’ electrical power, slows down their computers and shortens the life of their equipment. If a user suspects that their computer might have been the target of a cryptojacking attack, they should look out for red flags: decreased performance and the overheating of their computer, which is usually coupled with more intense use of the cooling fan. Most modern antivirus software providers are acutely aware of the threat of cryptojacking, so they offer protection from it.

Cryptojacking is described as the unsolicited use of a person’s device or system, such as a computer, server, smartphone, tablet, etc., for crypto mining. Attackers can gain access to a victim’s device through emails, websites, or online ads that contain links to malicious software that will auto-execute when accessed.

There are two common types of cryptojacking: file-based and browser-based. 

File-based cryptojacking involves hackers sending seemingly legitimate emails to their victims. But when users open the attachment, a program is executed and the crypto mining script is introduced to their computer.

In a browser-based cryptojacking attack, hackers typically embed malicious code in various websites. Once the victim accesses the infected websites, the crypto mining script immediately takes effect within that device.

Cryptojacking schemes can go unnoticed for a long time, allowing hackers to mine with total impunity from unsuspecting victims’ devices. Mining activities incur high electricity costs, which hackers pass on to their victims so they can earn token rewards without financial burden. 
Cryptojacking scripts can cause devices to lag or even break down due to wear and tear.

Additionally, there is a class of cryptojacking scripts that has a worming ability that allows it to replicate fast, infecting multiple devices and servers within a network. 

Most cybercriminals tend to mine privacy coins like Monero as they are difficult to trace.

Some measures to avoid falling victim to cryptojacking schemes include the use of ad-blockers and anti-crypto mining extensions.
    • Related Articles

    • Crypto Invoicing

      Crypto invoicing allows you to create different itemized bills and invoices for the products or services you offer. It enables you to bill clients in crypto via email, without the hassle of switching between wallets and apps. As cryptocurrencies ...
    • Crypto Debit Card

      A crypto debit card is a type of debit card that allows its holder to pay for goods and services using cryptocurrencies like Bitcoin (BTC), Litecoin (LTC) and Ethereum (ETH). Most crypto debit cards in use today are powered by Visa and MasterCard, ...
    • Crypto Address

      A crypto address is a string of characters that represents a wallet that can send and receive cryptocurrency. It is akin to a real-life address, email or website. Every address is unique and denotes the location of a wallet on the blockchain. Most ...
    • Cryptoasset

      Cryptoassets leverage cryptography, consensus algorithms, distributed ledgers, peer-to-peer technology and/or smart contracts to function as a store of value, medium of exchange, unit of account, or decentralized application (DApp). There are four ...
    • Distributed Denial of Service (DDoS) Attack

      DDoS attacks are among the most common forms of cyberattack. They often make use of networks (botnets) of devices (bots) that have been compromised by malware — placing them under the control of the bad actor.  The attacker instructs every bot to ...