Cryptojacking

What is Cryptojacking?

Cryptojacking is a form of cyber-attack in which the attacker uses the victim’s computing resources (CPU, GPU) to mine cryptocurrency without their knowledge or consent. Unlike ransomware, which is immediately visible, cryptojacking operates in the background - the only symptoms may be degraded system performance and increased energy consumption.

Cryptojacking takes two forms. Malware-based - malicious software installed on servers, workstations or IoT devices that runs cryptocurrency mining in the background (most commonly Monero, due to the ability to mine on CPUs). Browser-based - JavaScript scripts (formerly Coinhive) executed in the user’s browser when visiting a compromised website.

Attackers particularly target environments with large computing resources: cloud servers (compromised AWS/Azure accounts), Kubernetes clusters, CI/CD servers and - particularly concerning - OT and ICS systems, where additional CPU load can affect the stability of industrial processes.

Why does it matter?

Cryptojacking is sometimes dismissed as “less harmful” than ransomware, but it generates real costs: higher energy bills, accelerated hardware wear, system performance degradation and - most importantly - it indicates an attacker’s presence in the network. The same access used for cryptocurrency mining can be leveraged for ransomware or data exfiltration. In OT environments, additional CPU load can threaten the stability of control processes.

Related topics

• Ransomware
• EDR
• Malware Analysis