What is Cryptojacking?

Cryptojacking Definition

Cryptojacking (malicious cryptomining) is unauthorized use of computing resources for cryptocurrency mining. Attackers install mining software on compromised systems or inject scripts into websites to use victim CPU/GPU power for profit from cryptocurrencies like Monero (XMR).

How Does Cryptojacking Work?

File-based:

1. Malware infection (phishing, exploit)
2. Cryptominer installation
3. Continuous mining
4. Profits to attacker wallet

Browser-based:

1. User visits infected website
2. JavaScript miner runs in browser
3. Mining while page is open
4. Often without user knowledge

Why Monero (XMR)?

• CPU-friendly: Doesn’t require GPU
• Anonymous: Untraceable transactions
• Profitable: Efficient on standard hardware
• XMR is the most common cryptojacking cryptocurrency

Cryptojacking Indicators

System symptoms:

• High CPU usage
• Fan noise
• System slowdowns
• Overheating

Network symptoms:

• Mining pool connections
• Unusual outbound traffic
• Specific protocols (stratum)

Cryptojacking Impact

• Energy costs: Increased electricity bills
• Hardware damage: Accelerated component wear
• Performance: Slower systems
• Reputation: Infected websites
• Security signal: Miner indicates breach

Cryptojacking in the Cloud

Cloud is a popular cryptojacking target:

• Auto-scaling = unlimited resources
• Unused account resources
• Compromised credentials
• Huge costs for victims

Cryptojacking Detection

Endpoint:

• CPU monitoring
• Process monitoring
• Behavioral EDR

Network:

• Mining pool connections
• DNS anomalies
• Traffic analysis

Browser:

• Mining script blocking
• CPU throttling monitoring

Cryptojacking Defense

• EDR/AV: Detecting miners
• Browser extensions: Mining script blockers
• Network monitoring: Pool domain blocking
• Cloud: Cost alerting, resource limits
• Patching: Closing common vulnerabilities

Cryptojacking may seem less severe than ransomware, but it indicates security gaps that can be exploited for more serious attacks.