Browse Definitions :
Definition

cryptojacking

Contributor(s): Ivy Wigmore

Cryptojacking is the surreptitious and unauthorized use of a computer for the resource and power-demanding requirements of cryptocurrency mining. The attack essentially creates a cryptomining bot, and the attacker may coopt many systems to create a botnet.

Hackers can use a variety of techniques for cryptojacking. Originally, cryptojacking involved infecting a target system with malware. More recently, however, in a common JavaScript-based method, the attacker creates content that automatically runs cryptomining software in users' browsers when they visit the page hosting it. The attacker may create the content for the purpose of cryptojacking or may compromise an existing site.

In another twist on the practice, researchers for Chinese cybersecurity vendor Qihoo 360's Netlab team recently reported that an ad network was running cryptomining software in the browsers of unsuspecting users who visit the advertisers' websites. Because programmatic advertising places ads automatically, site owners have little control over the issue. The malware used domain generation algorithms (DGAs) to bypass ad blockers and serve ads to all site visitors.

Cryptojacking techniques have been proposed for beneficial uses as well, such as providing a revenue stream for sites and services or crowdfunding for disaster relief efforts. Nevertheless, from the perspective of end users and network administrators, cryptojacking is primarily a drain on processing and power resources.

This was last updated in March 2018

Continue Reading About cryptojacking

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • Port Scan

    A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services ...

  • DMZ (networking)

    In computer networks, a DMZ (demilitarized zone), also sometimes known as a perimeter network or a screened subnetwork, is a ...

  • quantum supremacy

    Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classic computers by ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

Close