Browse Definitions :
Definition

cryptojacking

Contributor(s): Ivy Wigmore

Cryptojacking is the surreptitious and unauthorized use of a computer for the resource and power-demanding requirements of cryptocurrency mining. The attack essentially creates a cryptomining bot, and the attacker may coopt many systems to create a botnet.

Hackers can use a variety of techniques for cryptojacking. Originally, cryptojacking involved infecting a target system with malware. More recently, however, in a common JavaScript-based method, the attacker creates content that automatically runs cryptomining software in users' browsers when they visit the page hosting it. The attacker may create the content for the purpose of cryptojacking or may compromise an existing site.

In another twist on the practice, researchers for Chinese cybersecurity vendor Qihoo 360's Netlab team recently reported that an ad network was running cryptomining software in the browsers of unsuspecting users who visit the advertisers' websites. Because programmatic advertising places ads automatically, site owners have little control over the issue. The malware used domain generation algorithms (DGAs) to bypass ad blockers and serve ads to all site visitors.

Cryptojacking techniques have been proposed for beneficial uses as well, such as providing a revenue stream for sites and services or crowdfunding for disaster relief efforts. Nevertheless, from the perspective of end users and network administrators, cryptojacking is primarily a drain on processing and power resources.

This was last updated in March 2018

Continue Reading About cryptojacking

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • cybersecurity insurance (cybersecurity liability insurance)

    Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to ...

  • phishing

    Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication ...

  • cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network.

SearchHealthIT

SearchDisasterRecovery

  • disaster recovery plan (DRP)

    A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

SearchStorage

  • NVMe over Fabrics (NVMe-oF)

    NVMe over Fabrics, also known as NVMe-oF and non-volatile memory express over fabrics, is a protocol specification designed to ...

  • logical unit number (LUN)

    A logical unit number (LUN) is a unique identifier for designating an individual or collection of physical or virtual storage ...

  • CIFS (Common Internet File System)

    CIFS (Common Internet File System) is a protocol that gained popularity around the year 2000, as vendors worked to establish an ...

Close