From Wikipedia, the free encyclopedia

Cryptojacking is the act of hijacking a computer to mine cryptocurrencies against the user's will, through websites,[1][2][3] or while the user is unaware.[4] One notable piece of software used for cryptojacking was Coinhive, which was used in over two-thirds of cryptojacks before its March 2019 shutdown.[5] The cryptocurrencies mined the most often are privacy coins—coins with hidden transaction histories—such as Monero and Zcash.[2][6]

As with most malicious attacks on the computing public, the motive is profit; unlike other threats, however, cryptojacking is designed to remain completely hidden from the user. Cryptojacking malware can cause slowdowns and crashes by straining computational resources.[7]

Notable events

In June 2011, Symantec warned about the possibility that botnets could mine covertly for bitcoins.[8] Malware used the parallel processing capabilities of GPUs built into many modern video cards.[9] Although the average PC with an integrated graphics processor is virtually useless for bitcoin mining, tens of thousands of PCs laden with mining malware could produce some results.[10]

In mid-August 2011, bitcoin mining botnets were detected,[11] and less than three months later, bitcoin mining trojans had infected Mac OS X.[12]

In April 2013, electronic sports organization E-Sports Entertainment was accused of hijacking 14,000 computers to mine bitcoins; the company later settled the case with the State of New Jersey.[13]

German police arrested two people in December 2013 who customized existing botnet software to perform bitcoin mining, which police said had been used to mine at least $950,000 worth of bitcoins.[14]

For four days in December 2013 and January 2014, Yahoo! Europe hosted an ad containing bitcoin mining malware that infected an estimated two million computers.[15] The software, called Sefnit, was first detected in mid-2013 and has been bundled with many software packages. Microsoft has been removing the malware through its Microsoft Security Essentials and other security software.[16]

Several reports of employees or students using university or research computers to mine bitcoins have been published.[17]

On February 20, 2014, a member of the Harvard community was stripped of his or her access to the university's research computing facilities after setting up a Dogecoin mining operation using a Harvard research network, according to an internal email circulated by Faculty of Arts and Sciences Research Computing officials.[18]

Ars Technica reported in January 2018 that YouTube advertisements contained JavaScript code that mined the cryptocurrency Monero.[19]

In 2021, multiple zero-day vulnerabilities were found on Microsoft Exchange servers, allowing remote code execution. These vulnerabilities were exploited to mine cryptocurrency.[20]


  1. Larson, Selena (2018-02-22). "Cryptojackers are hacking websites to mine cryptocurrencies". CNNMoney. Retrieved 2021-04-17.
  2. "Cryptojacking malware was secretly mining Monero on many government and university websites". TechCrunch. Retrieved 2021-04-17.
  3. Lachtar, Nada; Elkhail, Abdulrahman Abu; Bacha, Anys; Malik, Hafiz (2020-07-01). "A Cross-Stack Approach Towards Defending Against Cryptojacking". IEEE Computer Architecture Letters. 19 (2): 126–129. doi:10.1109/LCA.2020.3017457. ISSN 1556-6056. S2CID 222070383.
  4. Caprolu, Maurantonio; Raponi, Simone; Oligeri, Gabriele; Di Pietro, Roberto (2021-04-01). "Cryptomining makes noise: Detecting cryptojacking via Machine Learning". Computer Communications. 171: 126–139. doi:10.1016/j.comcom.2021.02.016. S2CID 233402711.
  5. "Coinhive domain repurposed to warn visitors of hacked sites, routers". BleepingComputer. Retrieved 2021-04-17.
  6. Hwang, Inyoung. "What is cryptojacking? How to detect mining malware". MediaFeed. Retrieved 2021-05-11.
  7. "Brutal cryptocurrency mining malware crashes your PC when discovered". ZDNet.
  8. Peter Coogan (17 June 2011). "Bitcoin Botnet Mining". Retrieved 24 January 2012.
  9. Goodin, Dan (16 August 2011). "Malware mints virtual currency using victim's GPU". The Register. Retrieved 31 October 2014.
  10. Ryder, Greg (9 June 2013). "All About Bitcoin Mining: Road To Riches Or Fool's Gold?". Tom's Hardware. Retrieved 18 September 2015.
  11. "Researcher discovers distributed bitcoin cracking trojan malware". Infosecurity. 19 August 2011. Retrieved 24 January 2012.
  12. Lucian Constantin (1 November 2011). "Mac OS X Trojan steals processing power to produce Bitcoins: Security researchers warn that DevilRobber malware could slow down infected Mac computers". TechWorld. IDG communications. Retrieved 24 January 2012.
  13. "E-Sports Entertainment settles Bitcoin botnet allegations". BBC News. 20 November 2013. Retrieved 24 November 2013.
  14. Mohit Kumar (9 December 2013). "Alleged Skynet Botnet creator arrested in Germany". The Hacker News. Retrieved 8 January 2015.
  15. McGlaun, Shane (9 January 2014). "Yahoo malware turned Euro PCs into bitcoin miners". SlashGear. Retrieved 8 January 2015.
  16. Liat Clark (20 January 2014). "Microsoft stopped Tor running automatically on botnet-infected systems". Retrieved 8 January 2015.
  17. Hornyack, Tim (6 June 2014). "US researcher banned for mining Bitcoin using university supercomputers". PC IDG Consumer & SMB. Retrieved 13 June 2014.
  18. "Harvard Research Computing Resources Misused for 'Dogecoin' Mining Operation". The Harvard Crimson.
  19. "Now even YouTube serves ads with CPU-draining cryptocurrency miners". Ars Technica. January 26, 2018.
  20. Palmer, Danny. "Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers". ZDNet. Retrieved 2021-04-17.