What Is Cryptojacking?

What do you get when you cross malware or malvertising with cryptomining? That’s right, you guessed it: cryptojacking.

The spread of bad ads is pretty terrible in general, but since 2017 cryptojacking has been known throughout the security software industry as the Evil Overlord (most menacing and most prevalent) of all cyber threats. Hackers looking to get rich quick from mining cryptocurrency illegally are the culprits, and they’re injecting bad JavaScript code into websites, mobile apps, videos and advertising to take over users’ device power to do so. According to Kaspersky Lab, cryptomining malware has infected more than five million people in the first three quarters of this year alone.

Cryptomining Isn’t Bad, Hackers Are

As the value of cryptocurrency increases, so does interest in it. That means there are more transactions being made and it’s the crypto miners who verify those transactions. How they do this is a competitive process that involves solving complex mathematical problems before other miners do so that the cryptocurrency can be authenticated and added to the blockchain digital ledger. As the bookkeepers of cryptocurrency, miners keep the system honest and help to prevent double spending.

The winning miner gets rewarded with new cryptocurrency, introducing new coins into circulation. Mining coins takes serious processing power, which means a computer with a powerful CPU and graphics card, so that a miner’s hardware can contribute to the network’s processing power and, most important, enable the miner to hash data quickly, solving more problems and earning more money.

When Cryptomining Goes Horribly Wrong

Cryptojacking occurs when cryptomining malware takes over a user’s computer, mobile phone or other internet-connected devices without their consent to provide the processing power for a cybercriminal to mine cryptocurrency. This way, cybercriminals can stealthily access the processing power of many machines at once to earn a lot of cryptocurrency in a shorter period of time.

Initially, cryptojacking was found on fake (or bad) sites (mostly porn, of course) and in video. Now it’s popping up everywhere. Last year a coin mining script ended up on Showtime’s website as a means to get around ad blockers, but the verdict is still out on whether it was intentional or a bad actor at fault. PolitiFact’s website was also hacked to run a nefarious mining script.

This year, malicious cryptomining ads got into Google’s DoubleClick ad services, ending up on YouTube and other sites. AOL’s advertising platform was also infected through malvertising. And more and more cryptomining malware is making its way into ad networks.

Lately cryptomining attacks are targeting verified Twitter accounts, like Google’s G Suite, big-box retailer Target and The Body Shop. The cybercriminals used these official accounts to create fake ads that promote cryptocurrency giveaways, fooling users into opening up their devices to be overpowered.

While Apple and Google have established anti-mining policies, apps made specifically for malicious cryptocurrency mining continue to get through the barriers, especially on Google Play. Legit apps have fallen prey to cryptojacking scripts as well through ads on mobile sites and in-app.

As users become more wary of bad actors, they are more likely to turn to ad blocking software to prevent their devices from being infected. Add in Apple Safari’s “Do Not Track” and Google Chrome’s bad ad blocking, and that’s a major impact on the way publishers do business. Plus, once 5G networks come blazing, there will be speedier cryptocurrency transactions, and potentially more cryptojacking.

Cryptojacking For, Um, Good

Cryptomining has gotten a bad rep because some bad actors have been forcing it on users instead of asking for permission. But some publishers have found cryptomining to be a viable alternative to disruptive advertising.

Coinhive is a company offering mining code to websites to mine Monero coins as a monetization alternative. But Coinhive’s code is also the most widely used by hackers because it allows for customizations on web pages that enable users to tax computer systems heavily. Plus, many of the code’s users are using it to access people’s computing power without their permission.

But some publishers are mining legitimately. Salon now offers site visitors who use ad blockers an option to give the publisher access to their device power to mine the cryptocurrency Monero in exchange for accessing content.

Likewise, the popular Calendar 2 app provided users with an option for the app maker to mine Monero in exchange for premium services. Although it was permission-based, it violated Apple’s App Store policies by draining too much power from users’ devices, so Apple had to pull it until the mining code could be removed.

Can Cryptojacking Be Thwarted?

Ad tech companies that stop bad actors are constantly fighting an uphill battle because cybercriminals keep finding new ways to get past the stop gates. For everyone involved in the industry, it’s a constant game of scanning ads, keeping systems updated, and communicating and working with partners who care about protecting the overall user experience.
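
To make "scanning ads" concrete, here is an added example (not code from this article or from any ad tech vendor) of a static check that flags Coinhive-style miner loaders in an ad creative's markup and reports how hard the script is configured to push the CPU. The host list, the 0.5 threshold, the assumed no-throttle default and the sample creatives are assumptions made for illustration.

```javascript
// Added example: static scan of an ad creative or page for in-browser miner loaders.
// The indicator list is illustrative and limited to the Coinhive library named above.
const MINER_HOSTS = ['coinhive.com', 'coin-hive.com'];
const CONSTRUCTOR_RE = /\bCoinHive\.(?:Anonymous|User|Token)\s*\(/;
const THROTTLE_RE = /\bthrottle\s*:\s*([0-9]*\.?[0-9]+)/;
const HEAVY_BELOW = 0.5; // assumption: idle fraction under 50% counts as heavy CPU use

// Pull every <script> element out of the markup as {src, body}.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    scripts.push({ src: src ? src[1] : null, body: m[2] });
  }
  return scripts;
}

// Resolve relative and protocol-relative URLs against a dummy base to get the host.
function hostOf(src) {
  try {
    return new URL(src, 'https://creative.invalid/').hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// Flag scripts loaded from a miner host and inline miner setup, with its throttle.
function scanCreative(html) {
  const findings = [];
  for (const { src, body } of extractScripts(html)) {
    const host = src ? hostOf(src) : null;
    if (host && MINER_HOSTS.some(h => host === h || host.endsWith('.' + h))) {
      findings.push({ type: 'miner-script-host', host });
    }
    if (CONSTRUCTOR_RE.test(body)) {
      const t = THROTTLE_RE.exec(body);
      const throttle = t ? parseFloat(t[1]) : 0; // assumed default: no throttling
      findings.push({ type: 'miner-init', throttle, heavy: throttle < HEAVY_BELOW });
    }
  }
  return findings;
}

// Constructed sample creatives (not captured from any real campaign).
const SAMPLE_BAD = '<div class="ad"><script src="//coinhive.com/lib/coinhive.min.js"></script>' +
  '<script>var m = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER", {throttle: 0.1});</script></div>';
const SAMPLE_CLEAN = '<div class="ad"><script src="/static/banner.js"></script><img src="b.png"></div>';
```

A static check like this only catches loaders that appear in plain markup; obfuscated or dynamically injected scripts need runtime monitoring of the rendered creative as well.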