What is cryptojacking? How it works and how to help prevent it
Authored by a Symantec employee
Cryptojacking is the unauthorized use of a computer, tablet, mobile phone, or connected home device by cybercriminals to mine for cryptocurrency.
What is cryptocurrency?
For those not familiar with this fairly new terminology, cryptocurrency is a form of digital currency that can be used in exchange for goods, services, and even real money. Users can “mine” it on their computer by using special programs to solve complex, encrypted math equations in order to gain a piece of the currency.
Why cryptojacking is growing
It’s hard to explain how cryptocurrencies gain monetary value; however, it is based in part on the principle of supply and demand, and the difficulty of obtaining the cryptocurrency. For example, there are only a finite number of Bitcoins that have not been completely mined. There are other variables such as how easy the currency is to use, the energy and equipment put into mining it, and more.
For these reasons and others, cryptocurrency has fluctuated in value in the past several years. In 2010, a Bitcoin was set at less than 1 cent.
According to Symantec’s Internet Security Threat Report, cryptojacking also skyrocketed in 2017.
In a sense, cryptojacking is a way for cybercriminals to make free money with minimal effort. Cybercriminals can simply hijack someone else’s machine with just a few lines of code. This leaves the victim bearing the cost of the computations and electricity that are necessary to mine cryptocurrency. The criminals get away with the tokens.
Toward the end of 2017, when the value of cryptocurrency was at its peak, there were about 8 million coin-mining events blocked by Symantec in December alone. Because cryptojacking can yield lucrative results, coin-mining activity increased by 34,000 percent over the course of the year.
How cryptojacking works
Coin mining on your own can be a long, costly endeavor. Elevated electricity bills and expensive computer equipment are major investments and key challenges to coin mining. The more devices you have working for you, the faster you can “mine” coins. Because of the time and resources that go into coin mining, cryptojacking is attractive to cybercriminals.
There are a few ways cryptojacking can occur. One of the more popular ways is to use malicious emails that can install cryptomining code on a computer. This is done through phishing tactics. The victim receives a seemingly harmless email with a link or an attachment. Upon clicking on the link or downloading the attachment, it runs a code that downloads the cryptomining script on the computer. The script then works in the background without the victim’s knowledge.
Another is known as a web browser miner. In this method, hackers inject a cryptomining script on a website or in an ad that is placed on multiple websites. When the victim visits the infected website, or if the malicious ad pops up in the victim’s browser, the script automatically executes. In this method, no code is stored on the victim’s computer.
In both these instances, the code solves complex mathematical problems and sends the results to the hacker’s server while the victim is completely unaware.
Cryptojacking in action
Cryptojacking malware can be found across multiple platforms and devices, including Macs®, since these attacks can be executed in a browser. Interestingly enough, the second most common Mac malware strain is a stealthy cryptocurrency mining application.
In September 2017, a user on Twitter pointed out that a few of Showtime’s online streaming websites had a script running in the background that was used to mine cryptocurrency. In February 2018, a researcher found malicious cryptojacking code on the Los Angeles Times website.
How to detect cryptojacking
As with any other malware infection, there are some signs you may be able to notice on your own.
Symptoms of cryptojacking
- High processor usage on your device
- Sluggish or unusually slow response times
- Overheating of your device
How to prevent cryptojacking
A strong internet security software suite such as Norton Security™ can help block cryptojacking threats.
In addition to using security software and educating yourself on cryptojacking, you can also install ad-blocking or anti-cryptomining extensions on web browsers for an extra layer of protection. As always, be sure to remain wary of phishing emails, unknown attachments, and dubious links.
Cryptojacking is the new ransomware
Although Symantec saw the rise of ransomware in 2016, according to Symantec’s 2018 Internet Security Threat Report, 2017 saw fewer ransomware families — or groups of similar types of ransomware — and lower average ransomware demands than in 2016.
Conversely, cryptojacking incidents appear to be growing.
According to Kevin Haley, director of Symantec Security Response, “Stealing has moved from using a gun to using a computer. And as long as cryptocurrencies have value, criminals will use computers to steal it. What cryptojacking shows is that someone doesn’t even need to own cryptocurrency to be a victim.”
Device security, Dark Web Monitoring powered by LifeLock and a VPN–up to 65% off*
NEW Norton 360 has multiple layers of protection including a VPN for online privacy.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2019 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.
No one can prevent all identity theft or cybercrime. Not all products, services and features are available on all devices or operating systems. System requirement information on norton.com.
*Important Subscription, Pricing and Offer Details:
- The price quoted today may include an introductory offer. After that, your membership will automatically renew and be billed at the applicable monthly or annual renewal price found here.
- You can cancel your subscription at my.norton.com or by contacting Member Services & Support. For more details, please visit the Refund Policy.
- Your subscription may include product, service and /or protection updates and features may be added, modified or removed subject to the acceptance of the Customer Agreement.
The number of supported devices allowed under your plan are primarily for personal or household use only. Not for commercial use. If you have issues adding a device, please contact Member Services & Support.
§ Dark Web Monitoring in Norton 360 plans defaults to monitor your email address only. Please login to the portal to review if you can add additional information for monitoring purposes.