Cryptojacking is the act of exploiting a computer to mine cryptocurrencies, often through websites,[1][2][3] against the user's will or while the user is unaware.[4] One notable piece of software used for cryptojacking was Coinhive, which was used in over two-thirds of cryptojacks before its March 2019 shutdown.[5] The cryptocurrencies mined the most often are privacy coins—coins with hidden transaction histories—such as Monero and Zcash.[2][6]

Like most malicious attacks on the computing public, the motive is profit, but unlike other threats, it is designed to remain completely hidden from the user. Cryptojacking malware can lead to slowdowns and crashes due to straining of computational resources.[7]

Bitcoin mining by personal computers infected with malware is being challenged by dedicated hardware, such as FPGA and ASIC platforms, which are more efficient in terms of power consumption and thus may have lower costs than theft of computing resources.[8]

Notable events

In June 2011, Symantec warned about the possibility that botnets could mine covertly for bitcoins.[9] Malware used the parallel processing capabilities of GPUs built into many modern video cards.[10] Although the average PC with an integrated graphics processor is virtually useless for bitcoin mining, tens of thousands of PCs laden with mining malware could produce some results.[11]

In mid-August 2011, bitcoin mining botnets were detected,[12][13][14] and less than three months later, bitcoin mining trojans had infected Mac OS X.[15]

In April 2013, electronic sports organization E-Sports Entertainment was accused of hijacking 14,000 computers to mine bitcoins; the company later settled the case with the State of New Jersey.[16]

German police arrested two people in December 2013 who customized existing botnet software to perform bitcoin mining, which police said had been used to mine at least $950,000 worth of bitcoins.[17]

For four days in December 2013 and January 2014, Yahoo! Europe hosted an ad containing bitcoin mining malware that infected an estimated two million computers using a Java vulnerability.[18][19]

Another software, called Sefnit, was first detected in mid-2013 and has been bundled with many software packages. Microsoft has been removing the malware through its Microsoft Security Essentials and other security software.[20]

Several reports of employees or students using university or research computers to mine bitcoins have been published.[21] On February 20, 2014, a member of the Harvard community was stripped of his or her access to the university's research computing facilities after setting up a Dogecoin mining operation using a Harvard research network, according to an internal email circulated by Faculty of Arts and Sciences Research Computing officials.[22]

Ars Technica reported in January 2018 that YouTube advertisements contained JavaScript code that mined the cryptocurrency Monero.[23]

In 2021, multiple zero-day vulnerabilities were found on Microsoft Exchange servers, allowing remote code execution. These vulnerabilities were exploited to mine cryptocurrency.[24]

Detection

Traditional countermeasures of cryptojacking are host-based and not suitable for corporate networks. A potential solution is a network-based approach called Crypto-Aegis, which uses machine learning to detect cryptocurrency activities in network traffic, even when encrypted or mixed with non-malicious data.[25]

References

  1. ^ Larson, Selena (2018-02-22). "Cryptojackers are hacking websites to mine cryptocurrencies". CNNMoney. Retrieved 2021-04-17.
  2. ^ a b Hatmaker, Taylor (8 May 2018). "Cryptojacking malware was secretly mining Monero on many government and university websites". TechCrunch. Retrieved 2023-07-09.
  3. ^ Lachtar, Nada; Elkhail, Abdulrahman Abu; Bacha, Anys; Malik, Hafiz (2020-07-01). "A Cross-Stack Approach Towards Defending Against Cryptojacking". IEEE Computer Architecture Letters. 19 (2): 126–129. doi:10.1109/LCA.2020.3017457. ISSN 1556-6056. S2CID 222070383.
  4. ^ Caprolu, Maurantonio; Raponi, Simone; Oligeri, Gabriele; Di Pietro, Roberto (2021-04-01). "Cryptomining makes noise: Detecting cryptojacking via Machine Learning". Computer Communications. 171: 126–139. arXiv:1910.09272. doi:10.1016/j.comcom.2021.02.016. S2CID 233402711.
  5. ^ "Coinhive domain repurposed to warn visitors of hacked sites, routers". BleepingComputer. Retrieved 2021-04-17.
  6. ^ Hwang, Inyoung (7 May 2021). "What is cryptojacking? How to detect mining malware - MediaFeed". mediafeed.org. Retrieved 2021-05-11.
  7. ^ "Brutal cryptocurrency mining malware crashes your PC when discovered | ZDNet". ZDNet.
  8. ^ "Bitcoin's Computing Crisis". 31 October 2013. Archived from the original on 14 May 2021. Retrieved 8 July 2023.
  9. ^ Peter Coogan (17 June 2011). "Bitcoin Botnet Mining". Symantec.com. Retrieved 24 January 2012.
  10. ^ Goodin, Dan (16 August 2011). "Malware mints virtual currency using victim's GPU". The Register. Retrieved 31 October 2014.
  11. ^ Ryder, Greg (9 June 2013). "All About Bitcoin Mining: Road To Riches Or Fool's Gold?". Tom's hardware. Retrieved 18 September 2015.
  12. ^ "Infosecurity - Researcher discovers distributed bitcoin cracking trojan malware". Infosecurity-magazine.com. 19 August 2011. Retrieved 24 January 2012.
  13. ^ Lee, Timothy B. (2011-08-18). "More Bitcoin malware: this one uses your GPU for mining". Ars Technica. Retrieved 2023-07-08.
  14. ^ "Trojan.Badminer". Symantec. Archived from the original on 2014-11-29. Retrieved 2014-11-16.((cite web)): CS1 maint: unfit URL (link)
  15. ^ Lucian Constantin (1 November 2011). "Mac OS X Trojan steals processing power to produce Bitcoins: Security researchers warn that DevilRobber malware could slow down infected Mac computers". TechWorld. IDG communications. Retrieved 24 January 2012.
  16. ^ "E-Sports Entertainment settles Bitcoin botnet allegations". BBC News. 20 November 2013. Retrieved 24 November 2013.
  17. ^ Mohit Kumar (9 December 2013). "The Hacker News The Hacker News +1,440,833 ThAlleged Skynet Botnet creator arrested in Germany". Retrieved 8 January 2015.
  18. ^ McGlaun, Shane (9 January 2014). "Yahoo malware turned Euro PCs into bitcoin miners". SlashGear. Retrieved 8 January 2015.
  19. ^ Hern, Alex (2014-01-08). "Yahoo malware turned European computers into bitcoin slaves". The Guardian. ISSN 0261-3077. Retrieved 2023-07-08.
  20. ^ Liat Clark (20 January 2014). "Microsoft stopped Tor running automatically on botnet-infected systems". Retrieved 8 January 2015.
  21. ^ Hornyack, Tim (6 June 2014). "US researcher banned for mining Bitcoin using university supercomputers". PC world.com. IDG Consumer & SMB. Retrieved 13 June 2014.
  22. ^ Delwiche, Theodore R. (February 20, 2014). "Harvard Research Computing Resources Misused for 'Dogecoin' Mining Operation". The Harvard Crimson.
  23. ^ "Now even YouTube serves ads with CPU-draining cryptocurrency miners". ArsTechnica. January 26, 2018.
  24. ^ Palmer, Danny. "Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers". ZDNet. Retrieved 2021-04-17.
  25. ^ Caprolu, Maurantonio (2021). "Cryptomining makes noise: Detecting cryptojacking via Machine Learning". Computer communications. 171: 126–139.