Cryptojacking Took Over the Internet in 2018

cryptojacking has been exactly that. It’s officially everywhere, and it’s not going away.

The concept of cryptojacking is pretty simple: An attacker finds a way to harness the processing power of computers she doesn’t own—or pay the electric bills on—to mine cryptocurrency for herself. Malicious mining malware has lurked for a while, but attackers didn’t realize its full potential until a group called Coinhive created a simple mining module in September 2017 that could embed in virtually any website.

Once it’s there, anyone who goes to the page will contribute CPU cycles to mining for the module’s owner for however long they have the tab open. Coinhive has said that it intended for the tool to provide an alternate revenue stream for websites, but criminals quickly realized that they could find and exploit vulnerabilities in all sorts of highly trafficked sites to quietly implant their own cryptojacking modules.

With cryptocurrency hitting all-time highs in late 2017 and early 2018, the cryptojacking’s popularity exploded. And it has since evolved and matured in all sorts of fascinating and alarming ways. Malicious miners have shown up on mobile devices, in cloud infrastructure, on Internet of Things gadgets, and even in critical infrastructure. And while donating a little bit of processing power to mining sometimes takes little toll on a victim, more aggressive miners can interfere with affected device processes, disrupt work, and even wear on them to the point of physical damage.

“When we did our midyear threat report for 2018 we found that cryptojacking had a 35 percent share of all web threats and that is honestly absolutely insane,” says Tyler Moffitt, senior threat researcher at the security firm Webroot. “This is a new threat that just came out in late September 2017. Even if it drops down to 25 p

Read More