Cryptojacking: The sneaky cybercrime trend of 2024

January 1, 2024

4 Mins Read

In the ever-evolving landscape of cybercrime, new threats continue to emerge, exploiting the digital realm for illicit gains. One such trend that has gained significant traction in 2024 is cryptojacking. This insidious form of cybercrime not only compromises the security of individuals and organizations, but also poses a significant challenge to the overall stability of the digital economy.

Cryptocurrency, like Bitcoin, operates as a means of payment and speculative commodity, supported by the revolutionary technology of blockchain. Blockchain, developed by Satoshi Nakamoto, is a decentralized system utilizing global volunteers’ computers, acting as a worldwide ledger that eliminates the need for a central database. With encryption and public-private keys ensuring secure peer-to-peer transactions, blockchain improves data transparency, security, and efficiency, potentially replacing outdated banking systems. This partnership between cryptocurrency and blockchain technology opens the path to widely accessible digital financial products.

Understanding cryptojacking

Cryptojacking, also referred to as malicious cryptomining, is an online menace that operates by surreptitiously utilizing the computing resources of a computer or mobile device to mine cryptocurrencies. This form of attack often originates from downloads on web browsers or unauthorized mobile applications, posing a threat to various devices such as desktops, laptops, smartphones, and network servers. Unlike many other malicious activities, the primary motivation behind cryptojacking is financial gain, and its distinctive characteristic lies in its ability to remain undetected by the user.

As per SonicWall Cyber Threat Report, there was a 43% year-over-year increase in cryptojacking attempts in 2022. This spike pushed attack volume past the 100-million mark for the first time and set a record high of 139.3 million attacks by the year’s end.

How cryptojacking works

Cryptojacking operates through two methods: malware-bared attacks and drive-by cryptomining. In the case of malware, hackers gain control over a portion of your computer, similar to ransomware, but unlike ransomware, this control remains hidden in the background while you continue using your device.

The process unfolds as follows:

You unknowingly click on a malicious link in an email, which may appear harmless.
Clicking the link loads cryptomining code onto your computer, deploying a mining script discreetly.
The script seizes a portion or the entirety of your device’s computing to mine cryptocurrency.
The cryptojacker closely monitors the mined cryptocurrency, collecting it in their digital wallet.

Meanwhile, drive-by cryptomining has its roots in a legitimate practice where websites openly disclosed the use of visitors’ computers for mining cryptocurrency during their site visitation, ceasing mining once they departed. However, this gave rise to unauthorized drive-by cryptomining, where visitors’ devices are exploited for mining without their consent.

When an unsuspecting user visits such a site, code is implanted on their device. Not only does the user remain unaware of their device’s mining activities, but the mining persists even after they leave the site.

Certain cryptojacking malware operates similarly to worm-style viruses, propagating across networks and infecting devices one after another, effectively enslaving them and depleting their resources in the process.

According to Kaspersky, in 2019, eight separate apps that secretly mined cryptocurrency with the resources of whoever downloaded them, were ejected from the Microsoft Store. The apps supposedly came from three different developers, although it was suspected that the same individual or organization was behind them all. Users searching for specific keywords on the Microsoft Store or browsing the list of popular free apps may unknowingly come across cryptojacking apps. Once downloaded and opened, these apps inadvertently install JavaScript code designed for cryptojacking. As a result, the malicious miner begins its quest for Monero, consuming a substantial portion of the device’s resources and causing noticeable slowdowns.

The consequences for individuals and organizations

For individuals, falling victim to cryptojacking can lead to a range of detrimental consequences. The most immediate impact is a significant slowdown in device performance, as the malicious software hijacks the processing power to mine cryptocurrencies. This results in increased energy consumption, reduced battery life, and overall system instability. Moreover, the compromised system becomes vulnerable to further attacks, as the initial breach often opens the door to other malicious activities.

Organizations are not exempt from the risks posed by cryptojacking. Infiltrated networks can experience widespread slowdowns, leading to decreased productivity and hampered operations. Additionally, the financial toll can be substantial, as the costs associated with increased energy consumption and system maintenance quickly accumulate. Moreover, the reputational damage resulting from a successful cryptojacking attack can erode customer trust and impact the bottom line.

As the trend of cryptojacking gains momentum, cybercriminals are displaying greater ingenuity. A prime example occurred in January 2023, when threat actors leveraged automation to generate 130,000 trial accounts on cloud platform services. Their ultimate objective was to exploit GitHub Actions workflows for unlawful cryptomining purposes.

How to stop, prevent and detect cryptojacking

Preventing, detecting, and stopping cryptojacking requires proactive measures. Here are some practices you can follow to safeguard your business:

Educate your employees about the threat and encourage them to report any suspicious activity for further investigation. Moreover, implement advanced network monitors to detect cryptojacking activities that may go unnoticed by regular malware scanners.
Conduct regular web scanning to identify and report any suspicious scripts or files on your server. You can also install ad-blockers and cryptomining blockers in your browsers to prevent unauthorized usage.
Deploy advanced endpoint protection to block cryptominers. In addition, you can utilize mobile device managers to manage and secure personal devices used for work.
Block infected domains known to be operated by hackers. If you lack the resources, consider hiring a Managed Service Provider for cyber security services. Stay updated, maintain vigilance, and proactively manage threats to keep your business safe.

This brings us to the end of our blog on cryptojacking. Stay connected to PureVPN Blog to learn more about the latest crybercrime trends.

Adil Ahsan Ali

January 1, 2024

5 months ago

An enthusiastic individual, who has a passion for AI, cybersecurity, gaming, and all this trending in the digital world. Adil is your go-to guy if you want learn about what's trending in cyberspace.

Have Your Say!!

Cookie	Duration	Description
__stripe_mid	1 year	This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
__stripe_sid	30 minutes	This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any patment information on a server.
Affiliate ID	3 months	Affiliate ID cookie
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
Data 1	3 months
Data 2	3 months	Data 2
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
woocommerce_cart_hash	session	This cookie is set by WooCommerce. The cookie helps WooCommerce determine when cart contents/data changes.
XSRF-TOKEN	session	The cookie is set by Wix website building platform on Wix website. The cookie is used for security purposes.

Cookie	Duration	Description
__lc_cid	2 years	This is an essential cookie for the website live chat box to function properly.
__lc_cst	2 years	This cookie is used for the website live chat box to function properly.
__lc2_cid	2 years	This cookie is used to enable the website live chat-box function. It is used to reconnect the customer with the last agent with whom the customer had chatted.
__lc2_cst	2 years	This cookie is necessary to enable the website live chat-box function. It is used to distinguish different users using live chat at different times that is to reconnect the last agent with whom the customer had chatted.
__oauth_redirect_detector		This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality.
Affiliate ID	3 months	Affiliate ID cookie
Data 1	3 months
Data 2	3 months	Data 2
pll_language	1 year	This cookie is set by Polylang plugin for WordPress powered websites. The cookie stores the language code of the last browsed page.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_J2RWQBT0P2	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_12584548_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gat_UA-12584548-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjIncludedInSessionSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
PAPVisitorId	1 year	This cookie is set by the Post Affiliate Pro.This cookie is used to store the visitor ID which helps in tracking the affiliate.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
_app_session	1 month	No description available.
_dc_gtm_UA-12584548-1	1 minute	No description
_gfpc	session	No description available.
71cfb2288d832330cf35a9f9060f8d69	session	No description
cli_bypass	3 months	No description
CONSENT	16 years 6 months 13 days 18 hours	No description
gtm-session-start	2 hours	No description available.
isoCode	1 month	No description available.
L-k26wU	1 day	No description
L-KVHA4	1 day	No description
m	2 years	No description available.
newVisitorId	3 months	No description
owner_token	1 day	No description available.
PP-k26wU	1 hour	No description
PP-KVHA4	1 hour	No description
RL-k26wU	1 day	No description
RL-KVHA4	1 day	No description
wisepops	2 years	No description available.
wisepops_session	session	No description available.
wisepops_visits	2 years	No description available.
woocommerce_items_in_cart	session	No description available.
wp_woocommerce_session_1b44ba63fbc929b5c862fc58a81dbb22	2 days	No description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.