Browse Definitions :
Definition

cryptojacking

Contributor(s): Ivy Wigmore

Cryptojacking is the surreptitious and unauthorized use of a computer for the resource and power-demanding requirements of cryptocurrency mining. The attack essentially creates a cryptomining bot, and the attacker may coopt many systems to create a botnet.

Hackers can use a variety of techniques for cryptojacking. Originally, cryptojacking involved infecting a target system with malware. More recently, however, in a common JavaScript-based method, the attacker creates content that automatically runs cryptomining software in users' browsers when they visit the page hosting it. The attacker may create the content for the purpose of cryptojacking or may compromise an existing site.

In another twist on the practice, researchers for Chinese cybersecurity vendor Qihoo 360's Netlab team recently reported that an ad network was running cryptomining software in the browsers of unsuspecting users who visit the advertisers' websites. Because programmatic advertising places ads automatically, site owners have little control over the issue. The malware used domain generation algorithms (DGAs) to bypass ad blockers and serve ads to all site visitors.

Cryptojacking techniques have been proposed for beneficial uses as well, such as providing a revenue stream for sites and services or crowdfunding for disaster relief efforts. Nevertheless, from the perspective of end users and network administrators, cryptojacking is primarily a drain on processing and power resources.

This was last updated in March 2018

Continue Reading About cryptojacking

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close