CRYPTOJACKING

A MINOR SEMINAR REPORT

Submitted in partial fulfilment of requirements for the award of the degree of

BACHELOR OF TECHNOLOGY
(Computer Science Engineering)

SUBMITTED BY

KHALID JAN 190328

Department of Computer Science and Engineering

Government College of Engineering and Technology
Safapora, Ganderbal -193504, J&K (India)

SEPT 2023

1
 Government College of Engineering and Technology
Safapora, Ganderbal -193504, J&K (India)

CERTIFICATE
This is to certify that the project titled “CRYPTOJACKING” is a Bonafide record
of the work done under my supervision & guidance by KHALID JAN (190328) in
partial fulfilment of the requirements for the award of the degree of Bachelor of
Technology in Computer Science and Engineering of GOVERNMENT COLLEGE
OF ENGINEERING AND TECHNOLOGY-SAFAPORA GANDERBAL, during
the year 2023.

Dr Nisar Iqbal Wani MS Bisma Rashid

Head of Department Assistant Professor
(Computer Science & Engineering) (Computer Science & Engineering)

Prof. (Dr.) Rauf Ahmad Khan

(Principal)

2
 ACKNOWLEDGEMENT
The sense of accomplishment and ecstasy that comes with completing a task would be incomplete
without thanking Almighty Allah. I would like to acknowledge the people who made it possible
through their unwavering support. I am delighted to submit to you my topic, which is the product
of a careful blend of research and understanding. I express my special thanks to Dr. Rauf Ahmad
Khan, Principal, for providing us with the opportunity to hold the seminar on a positive note. I am
extremely grateful to Dr Nisar Iqbal Wani, Head of Department, Department of Computer Science
and Engineering, for his guidance. I would like to thank MS Bisma Rashid, Lecturer Computer
Science, for his kind supervision which shaped the present work as it shows. I appreciate everyone,
especially those who contributed to present this topic in this light.

Khalid Jan

3
 ABSTRACT
Cryptojacking is a cyber threat where hackers illicitly hijack a victim's computer, smartphone, or
other devices to mine cryptocurrencies like Bitcoin or Monero. They achieve this covertly through
malicious scripts on websites, phishing emails, or malware. Once compromised, the victim's
device is used to perform the complex computations necessary for cryptocurrency mining,
consuming processing power and energy. This activity often slows down the device, increases
electricity costs, and can lead to performance issues. Cryptojacking is a stealthy way for attackers
to profit from cryptocurrency without the victim's knowledge or consent, making it a growing
concern in the realm of cybersecurity.

In this seminar report, we embark on an immersive exploration of cryptojacking, a clandestine and

rapidly evolving cybersecurity menace that demands our attention. Our journey into the world of
cryptojacking is comprehensive, covering every facet of this cyber threat. We will start by
uncovering the origins of cryptojacking, tracing its roots to the surging popularity of
cryptocurrencies like Bitcoin and Monero. From there, we will delve into the intricate mechanics
of cryptojacking, unveiling the methods by which threat actors surreptitiously conscript victims'
computing resources into mining operations. These mechanisms range from the injection of
malicious scripts into compromised websites and the distribution of stealthy malware to the
orchestration of phishing campaigns designed to deceive users.

But our exploration doesn't stop at understanding how cryptojacking works. We will dive deep
into its diverse forms, including in-browser cryptojacking, malware-based attacks, and drive-by
incidents. Each variant presents unique challenges and impacts, which we will meticulously
dissect. The impacts, indeed, are far-reaching, encompassing performance degradation that
frustrates users, elevated energy consumption that leads to higher bills, financial costs that burden
individuals and organizations, reputational damage that erodes trust, and opportunity costs that
arise from diverted computing resources.

Our seminar report will equip attendees with the tools needed to detect, prevent, and mitigate
cryptojacking threats. We will discuss practical methods for monitoring system resources to spot

4
cryptojacking attempts, explore browser extensions and add-ons that shield against malicious
scripts, emphasize the importance of timely security updates, and underscore the role of user
education in bolstering defenses. In an era where cybersecurity vigilance is paramount, this
seminar report aims to empower attendees with a comprehensive understanding of cryptojacking
and the means to protect against this covert yet insidious cyber menace.

KEYWORDS: Cryptojacking, Cryptocurrency, Malware, Mining, Extensions, Antivirus/anti-

malware program, Bitcoin, Monero, Phishing Emails.

5
 CONTENTS

Title Page
ACKNOWLEDGEMENTS..........................................................................3
ABSTRACT...................................................................................................4-5

CHAPTER 1 INTRODUCTION...........................................................8-13
1.1 Introduction to Cryptocurrency..........................................................................8-9

1.2 Introduction to Cryptojacking............................................................................10-12

1.3 History of Cryptojacking....................................................................................12-13

CHAPTER 2 TYPES OF CRYPTOJACKING....................................14-16

2.1 In-browser Cryptojacking....................................................................................14

2.2 Drive-by Cryptojacking.......................................................................................14

2.3 Malware-based Cryptojacking.............................................................................15

2.4 Piggybacking........................................................................................................15

2.5 Zero-day attacks...................................................................................................15-16

CHAPTER 3 HOW CRYPTOJACKING WORKS.............................17-19

3.1 Working of Cryptojacking...................................................................................17-19

CHAPTER 4 RISKS OF CRYPTOJACKING.....................................20-24

4.1 Technical Risks....................................................................................................20-21

4.2 Financial Risks.....................................................................................................21-22

4.3 Security Risks.......................................................................................................22

4.5 Economic Risks....................................................................................................23

4.6 Environmental Risks............................................................................................23-24

6
CHAPTER 5 NOTABLE CRYPTOJACKING ATTACKS.......................25-28
5.1 Tesla's Cloud Hacked for Crypto Mining............................................................25

5.2 The Pirate Bay Mines Cryptocurrency Using Visitor CPUs................................25-26

5.3 Coinhive Script Controversy on Thousands of Websites.....................................26

5.4 WannaMine Malware Infects Computers for Cryptomining................................26-27

5.5 Botnet Smominru Turns Thousands of Devices into Miners................................28

CHAPTER 6 PREVENTION AND MITIGATION.............................29-32

6.1 Antivirus and Anti-Malware Software.................................................................29

6.2 Browser Extensions and Ad-Blockers..................................................................30

6.3 Security Updates and Patch Management............................................................30-31

6.4 Firewalls and Network Security...........................................................................31-32

6.5 User Education and Awareness............................................................................32

CHAPTER 7 FUTURE TRENDS...........................................................33

7.1 Predictions for the future of cryptojacking..........................................................33-34

7.2 Emerging threats and techniques.........................................................................33-34

7.3 Evolving countermeasures..................................................................................34-35

CHAPTER 8 CONCLUSION.................................................................36
8.1 Conclusion...........................................................................................................36

REFERENCES.................................................................................................37

7
 CHAPTER 1

INTRODUCTION

1.1 Introduction to Cryptocurrency

Cryptocurrency, a groundbreaking innovation born in the digital age, has fundamentally reshaped
our understanding of money, finance, and technology. At its core, cryptocurrency is a
decentralized, digital form of currency that leverages cryptographic techniques to secure
transactions and control the creation of new units. The pioneering technology that underpins most
cryptocurrencies is blockchain, a distributed ledger that records all transactions across a global
network of computers in a transparent and tamper-resistant manner. Bitcoin, the inaugural
cryptocurrency introduced in 2009 by the pseudonymous Satoshi Nakamoto, marked the dawn of
a revolutionary financial ecosystem that now encompasses thousands of digital currencies, each
with its unique features, use cases, and underlying technologies. Cryptocurrencies have gained
prominence for their potential to disrupt traditional financial systems and offer several advantages,
including faster and cheaper cross-border transactions, financial inclusion for the unbanked, and
programmable smart contracts that enable self-executing agreements without the need for
intermediaries. However, they also present formidable challenges, such as price volatility,
regulatory uncertainties, security vulnerabilities, and the ever-evolving landscape of scams and
fraudulent schemes. As the world grapples with the implications of this digital financial revolution,
cryptocurrencies continue to evolve, and discussions surrounding their mainstream adoption,
integration into traditional financial systems, and potential to reshape the future of money and
finance on a global scale remain at the forefront of innovation and debate.
Cryptocurrency, as a term, has become synonymous with a transformative technological and
financial movement that began with the introduction of Bitcoin in January 2009. The enigmatic
figure known as Satoshi Nakamoto, whose identity remains a mystery, conceptualized and
implemented the world's first cryptocurrency as a response to the global financial crisis of 2008.
Bitcoin, often referred to as digital gold, was created as an alternative to traditional fiat currencies
and centralized financial institutions. It introduced the concept of a peer-to-peer electronic cash

8
system that operates on a decentralized network of computers, eschewing the need for
intermediaries like banks and governments in financial transactions.
Central to the functioning of cryptocurrencies is blockchain technology, which serves as the
backbone of most digital currencies. A blockchain is a distributed ledger that records all
transactions in a chronological and immutable manner. It consists of a chain of blocks, each
containing a batch of transactions. These blocks are linked together in a secure and transparent
fashion, forming a continuous chain that can be verified by anyone on the network. The
decentralized nature of blockchain ensures that no single entity or authority has control over the
entire network, making it resistant to manipulation and fraud.
Bitcoin operates on a public blockchain where every transaction is visible to all participants on the
network. Transactions are grouped into blocks and added to the blockchain through a process
called mining. Miners use computational power to solve complex mathematical puzzles, and once
a puzzle is solved, they create a new block of transactions and append it to the blockchain. Miners
are rewarded with newly created bitcoins and transaction fees for their efforts, making mining a
crucial component of the Bitcoin network's security and transaction validation process.
The success of Bitcoin paved the way for the emergence of thousands of other cryptocurrencies,
often referred to as altcoins. Each altcoin has its unique features, consensus mechanisms, and use
cases. Ethereum, for instance, introduced the concept of smart contracts, self-executing agreements
with predefined rules that run on the Ethereum blockchain. Ripple (XRP) focuses on facilitating
fast and low-cost cross-border payments for financial institutions. Litecoin (LTC) aims to be a
faster and more lightweight alternative to Bitcoin, and many others serve niche purposes, from
privacy-focused coins like Monero (XMR) to blockchain platforms like Cardano (ADA) that
emphasize scalability and sustainability.
The rise of cryptocurrencies has been accompanied by a wave of enthusiasm, investment, and
innovation. Supporters argue that cryptocurrencies offer numerous advantages over traditional
financial systems. One of the most significant benefits is the potential for faster and cheaper cross-
border transactions. Traditional international money transfers can be slow, costly, and encumbered
by intermediaries like banks and remittance services. Cryptocurrencies enable users to send funds
directly to recipients anywhere in the world, often within minutes and with lower fees.

9
1.2 Introduction to Cryptojacking
Cryptojacking, a surreptitious and evolving digital threat, has arisen in tandem with the ascent of
cryptocurrencies, representing the unauthorized harnessing of a computer's processing power to
engage in cryptocurrency mining, fundamentally altering the cybersecurity landscape. Initially,
this practice emerged as a debated concept, with some website operators openly requesting visitors
to contribute their CPU power for cryptocurrency mining during web browsing as an alternative
revenue model to traditional ads or subscriptions, thereby setting the stage for cryptojacking's
emergence. However, as cryptocurrencies gained prominence and their value skyrocketed, this
seemingly innocuous concept quickly morphed into a nefarious activity as cybercriminals sought
to exploit the potential for illicit gains. They achieved this by clandestinely embedding malicious
JavaScript code within websites or online ads, triggering cryptocurrency mining processes on
visitors' devices without their consent or awareness, exemplifying the covert and insidious nature
of cryptojacking. As a result, this practice transformed into a significant cybersecurity concern,
posing multifaceted challenges and risks to individuals, organizations, and even governments.
Cryptojacking's origins can be traced to the early 2010s when cryptocurrencies like Bitcoin
introduced a groundbreaking consensus mechanism known as proof of work (PoW), which relies
on miners solving intricate mathematical puzzles to validate transactions and secure the network.
This mechanism incentivized miners with newly created cryptocurrency units as a reward for their
computational efforts. As the value of cryptocurrencies surged, so did the incentive for mining,
leading to a substantial increase in the computational power required for mining operations.
Consequently, cryptocurrency mining pools emerged, enabling miners to pool their computational
resources and increase their chances of successfully mining new cryptocurrency units. While
mining pools offered a more accessible path for individuals to participate in cryptocurrency
mining, they also introduced the concept of "browser mining."

Browser mining, also known as "in-browser mining" or "web-based mining," was initially
conceived as a legitimate method for website operators to monetize their content. Instead of relying
on traditional advertising or subscription models, website owners could request visitors to lend
their computational power while browsing the site, which would then be harnessed for
cryptocurrency mining, typically involving cryptocurrencies designed to be mined using
consumer-grade hardware. The idea seemed innocuous, with visitors willingly allowing a fraction

10
of their CPU power to be used for mining in exchange for an ad-free browsing experience or access
to premium content. However, this concept swiftly evolved into a less ethical practice as certain
websites and online ads began employing browser mining without visitors' knowledge or consent,
marking the birth of cryptojacking.
The mechanisms behind cryptojacking are diverse but share a common goal of surreptitious
cryptocurrency mining. One of the most prevalent methods involves the use of malicious
JavaScript code, which is covertly embedded within compromised websites or online
advertisements. When an unsuspecting user visits such a website or encounters a malicious ad, the
JavaScript code is executed in the background, initiating cryptocurrency mining without the user's
knowledge. The computational burden falls squarely on the visitor's device, which can lead to
performance degradation, increased energy consumption, and even hardware wear and tear.
Another avenue for cryptojacking involves the distribution of malware, where malicious software,
such as Trojans or worms, infects a victim's device, granting control over its computational
resources. These malware variants then execute cryptocurrency mining operations while remaining
concealed from the user's view, often spread across networks, creating a network of hijacked
computing power.
The motivations behind cryptojacking are rooted in financial gain, offering cybercriminals a
lucrative and relatively low-risk avenue for generating cryptocurrency income. Unlike some
cyberattacks that aim to steal sensitive data or disrupt systems, cryptojacking centers around a
financial motive—the mining of cryptocurrencies without bearing the associated costs. This
financial incentive is further compounded by the low risk associated with cryptojacking, as it is
challenging to trace the source of such activities, and penalties for these crimes are typically less
severe than those for traditional cybercrimes. The anonymity afforded by cryptocurrencies like
Monero, frequently targeted in cryptojacking schemes, adds to the appeal, making it challenging
to trace transactions and wallet owners, thereby facilitating the laundering of illicitly obtained
cryptocurrency. Additionally, the proliferation of internet-connected devices, including
smartphones, tablets, and Internet of Things (IoT) devices, has expanded the pool of available
computational resources, allowing cryptojackers to target a broad array of devices, increasing their
potential mining power. Cryptojackers continually adapt their techniques to evade detection,
making it a dynamic and ever-evolving threat, further challenging the efforts of security experts
and organizations striving to mitigate its impact.

11
The impact of cryptojacking is significant and multifaceted, affecting both individuals and
organizations. One immediate consequence is performance degradation, as the mining process
consumes a substantial amount of CPU power, leading to slower response times, increased fan
noise due to overheating, and reduced battery life on mobile devices. Moreover, cryptojacking
substantially increases energy consumption on compromised devices, resulting in higher
electricity bills for individuals and organizations, particularly concerning large-scale infections.
Beyond these immediate effects, cryptojacking can also cause hardware wear and tear, potentially
reducing the lifespan of affected devices.
The covert nature of cryptojacking presents a considerable challenge, as victims are often unaware
of the intrusion until they experience the consequences. The practice continues to evolve, adapting
to new technologies and security measures, making it a persistent and formidable digital threat.
Consequently, individuals and organizations must remain vigilant, employing robust cybersecurity
measures to detect and mitigate the risks associated with cryptojacking, thereby safeguarding their
digital assets and computing resources from this ever-present menace.

1.3 History of Cryptojacking

Cryptojacking, a term coined in the early 2010s, emerged alongside the proliferation of
cryptocurrencies like Bitcoin. It represents a unique threat in the realm of cybersecurity, as it
leverages unsuspecting users' computing power for unauthorized cryptocurrency mining. The
history of cryptojacking can be traced through several key developments:
1.3.1 Early Days of Cryptocurrency (2009-2012):
Cryptojacking's origins are intertwined with the advent of cryptocurrencies, particularly Bitcoin,
which was introduced by Satoshi Nakamoto in 2009. During this period, the cryptocurrency
ecosystem was in its infancy, with a relatively small community of early adopters and miners.
1.3.2 Introduction of Browser Mining (2011-2013):
Browser mining was an early iteration of cryptojacking. It was conceived as a legitimate way for
website operators to monetize their content. Website visitors were asked to contribute their CPU
power for cryptocurrency mining while browsing the site. However, this concept was quickly
exploited by malicious actors who embedded covert mining scripts into websites without users'
consent.
1.3.3 Rise of Altcoins and Monero (2013-2016):

12
As the cryptocurrency landscape diversified, new coins, often referred to as altcoins, emerged with
unique features and mining algorithms. Monero (XMR), introduced in 2014, became a popular
choice for cryptojackers due to its emphasis on privacy and anonymity, making it harder to trace
transactions.
1.3.4 Malicious Mining Pools and Malware (2016-2018):
Cybercriminals began leveraging malicious mining pools to orchestrate large-scale cryptojacking
operations. These pools combined the computing power of numerous hijacked devices, enabling
attackers to mine cryptocurrency more efficiently. Additionally, cryptojacking malware,
distributed through various means including phishing emails and compromised websites, became
prevalent.
1.3.5 Coinhive and In-Browser Mining (2017-2018):
Coinhive, a JavaScript-based mining service, gained notoriety in 2017. It provided an easy-to-use
platform for website operators to engage in browser mining. However, it was swiftly abused by
cybercriminals who injected Coinhive's scripts into websites and ads without user consent, leading
to widespread instances of cryptojacking.
1.3.6 Public Awareness and Countermeasures (2018-Present):
By 2018, public awareness of cryptojacking had grown, prompting greater efforts to combat this
threat. Browser developers, security companies, and antivirus software providers began
implementing features and tools to detect and block cryptojacking scripts. Additionally, legal
action was taken against websites and entities engaging in unauthorized mining activities.
1.3.7 Evolution of Cryptojacking Techniques (Present):
Cryptojackers continue to adapt their techniques to evade detection. They employ various
methods, including polymorphic code, obfuscation, and the abuse of legitimate services, to conceal
their activities. Additionally, cryptojacking has extended beyond traditional computing devices to
target IoT devices, mobile phones, and even cloud environments.

13
 CHAPTER 2
TYPES OF CRYPTOJACKING

2.1 In-browser Cryptojacking

Browser-based cryptojacking, also known as in-browser mining, is a method where malicious
actors surreptitiously insert JavaScript code into websites or ads, enabling them to harness the
computational power of visitors' web browsers to mine cryptocurrencies without their consent.
This technique operates discreetly, causing victims' devices, primarily their CPUs, to perform
resource-intensive cryptocurrency mining calculations for the attacker. The code connects to a
mining pool controlled by the attacker, contributing to the mining process, but the rewards are
typically meager due to the shared nature of mining pools. Users may notice their devices
running slower and hotter while browsing, as cryptojacking consumes CPU resources. Detecting
and mitigating in-browser cryptojacking can be challenging, making the use of browser
extensions or security software crucial for defense. It's essential for website operators to ensure
their sites aren't unwittingly hosting these scripts to safeguard their reputation and user
experience.

2.2 Drive-by Cryptojacking

Drive-by cryptojacking is a surreptitious method used by cybercriminals to illicitly mine
cryptocurrencies on a victim's computer or device when they visit compromised or malicious
websites. These sites contain concealed cryptocurrency mining scripts, typically in JavaScript,
which automatically run in the background without the user's awareness or consent. As the victim's
device contributes its processing power to the mining pool controlled by the attackers, they receive
cryptocurrency rewards. While individual users may not notice substantial financial losses, drive-
by cryptojacking can lead to a noticeable slowdown of the device's performance and reduced
battery life. Protecting against this threat involves staying cautious while browsing, employing
security measures like browser extensions or security software, and ensuring websites are not
compromised to prevent reputation damage and maintain a positive user experience.

14
2.3 Malware-based Cryptojacking
Malware-based cryptojacking involves the use of malicious software, often disguised as legitimate
programs, to covertly hijack a victim's computer or device and utilize its processing power for
cryptocurrency mining without their consent. Once the malware infects the system, it runs in the
background, consuming CPU resources to perform cryptocurrency mining operations. This type
of cryptojacking can significantly degrade system performance, lead to increased energy
consumption, and pose security risks. Detecting and mitigating malware-based cryptojacking
typically requires the use of reputable antivirus and anti-malware software, as well as regular
system scans to identify and remove the malicious code.

2.4 Piggybacking
"Piggybacking" or "piggybacking attack" is a term used in the context of cyberattacks, including
cryptojacking. In the context of cryptojacking attacks, piggybacking typically refers to the practice
of an attacker using an already compromised system or network to launch additional attacks,
including cryptojacking. Here's an explanation:
In a piggybacking cryptojacking attack, an attacker gains unauthorized access to a compromised
computer, server, or network. Once they have control over this system, they may use it as a
launching point for further malicious activities, such as deploying cryptocurrency mining scripts
or malware on additional devices within the compromised network. This allows them to expand
their cryptojacking operation by using the resources of multiple devices, making it potentially
more profitable for the attacker. Piggybacking attacks can make detection and mitigation more
challenging, as the initial compromise may have already weakened the network's security.
2.5 Zero-day attacks
Zero-day attacks in the context of cryptojacking refer to the exploitation of previously unknown
vulnerabilities in software, hardware, or network systems, which have not yet been patched or
addressed by security updates. In cryptojacking, these attacks involve cybercriminals discovering
and exploiting new and undisclosed weaknesses in a target's system, often targeting web browsers
or mining software. This allows them to secretly deploy cryptocurrency mining scripts or malware
without detection, using the victim's devices for mining while security experts remain unaware of
the vulnerability. Zero-day attacks in cryptojacking can be highly lucrative for attackers as they
can operate undetected until the vulnerability is discovered and patched, underscoring the

15
importance of timely software updates, security monitoring, and proactive threat intelligence to
defend against these emerging threats.

16
 CHAPTER 3
HOW CRYPTOJACKING WORKS

3.1 Working of Cryptojacking

Cryptojacking is an insidious cyber-attack that involves covertly harnessing the computational
power of a victim's device to mine cryptocurrencies, such as Bitcoin, Ethereum, or Monero. This
is done without the victim's knowledge or consent. The attack functions through two primary
methods: browser-based and malware-based cryptojacking.

let's dive into the working of cryptojacking in detail, specifically focusing on what hackers do after
gaining access to a device and how they proceed with the mining operation:

From Access to Mining

1.Initial Compromise: The cryptojacking process typically begins with the attacker gaining
unauthorized access to a victim's device. This can occur through various means, such as phishing
emails, malicious downloads, software vulnerabilities, or compromised websites .

2.Malware Installation: Once inside the victim's device, the attacker installs the necessary
cryptojacking software or scripts. This malware operates stealthily in the background to avoid
detection.

3.Initialization: The malware initiates the cryptojacking operation by performing the following
steps:

• Identification of Resources: The malware assesses the device's hardware capabilities,

particularly its central processing unit (CPU) and, in some cases, the graphics processing
unit (GPU).
• Mining Pool Selection: The malware connects to a remote mining pool, a collective of
miners working together to solve cryptocurrency mining algorithms. By joining a mining
pool, the attacker ensures consistent and steady mining rewards.

17
 • Fetching Mining Software: The malware may download the necessary cryptocurrency
mining software from a remote server or source it locally if preinstalled.

4. Mining Process: With the infrastructure in place, the attacker's malware engages in the
actual mining process:

• Transaction Verification: The malware collects a set of unverified cryptocurrency

transactions from the network. These transactions are bundled together in a block.
• Creating a Block Header: The malware constructs a block header, including details like the
previous block's hash, the transaction data, a nonce (a random number), and the current
difficulty target.
• Hashing the Block: The malware uses the device's CPU or GPU to repeatedly hash the
block header, changing the nonce with each attempt. The goal is to find a hash that meets
the current difficulty target criteria, which typically involves having a specific number of
leading zeros in the hash.
• Proof-of-Work: The miner continues hashing until it discovers a valid hash that satisfies
the difficulty criteria. This process is known as proof-of-work and is essential for securing
the cryptocurrency network.

5.Block Submission: Once the miner finds a valid hash, the malware sends the completed
block to the mining pool for verification and inclusion in the blockchain.

6.Earning Rewards: The mining pool distributes rewards to the attacker's cryptocurrency
wallet based on their contribution to the pool's computational power. These rewards typically
consist of newly created cryptocurrency tokens (e.g., Bitcoin) and transaction fees from the
verified transactions in the mined block.

7.Continuous Operation: The cryptojacking malware remains active on the victim's device,
continuously repeating the mining process to maximize the attacker's earnings. It also frequently
changes the nonce to search for a valid hash, ensuring that the mining operation remains ongoing.

8.Concealment: To avoid detection, cryptojacking malware often employs various tactics, such
as throttling CPU usage to avoid performance degradation, running only when the device is idle,
or using evasion techniques to evade antivirus and security software.

18
9.Monitoring and Exfiltration: The attacker monitors the progress of the mining operation
remotely, ensuring the malware is functioning as intended. The mined cryptocurrency is
periodically exfiltrated to the attacker's wallet.

10.Persistence: Cryptojacking malware may attempt to maintain persistence on the victim's

device, ensuring that it restarts after system reboots or security scans.

In essence, cryptojacking involves hackers surreptitiously gaining control of a device and

deploying malware that exploits the device's computational resources for cryptocurrency mining.
The attacker's mining operation continues as long as the malware remains undetected, ultimately
funneling the mined cryptocurrency into the hacker's wallet. This process allows the attacker to
profit at the expense of the victim's device and electricity consumption.

19
 CHAPTER 4
RISKS OF CRYPTOJACKING

4.1 Technical Risks

Cryptojacking poses several technical risks, both for individuals and organizations. These risks
stem from the unauthorized use of computational resources for cryptocurrency mining and the
potential consequences of such activities. Here are the key technical risks associated with
cryptojacking:
• Performance Degradation: Cryptojacking consumes a significant amount of a device's CPU
or GPU resources. This can result in noticeable performance degradation, causing devices
to become slow, unresponsive, or even crash. In a business environment, this can lead to
productivity losses.

• Increased Energy Consumption: Devices engaged in cryptojacking operate at full capacity,

which leads to higher energy consumption. This can result in increased electricity bills for
individuals and organizations, impacting their operational costs.

• Device Overheating: The continuous and intensive use of CPU/GPU during cryptojacking
can cause devices to overheat. Over time, this may lead to hardware damage or reduced
device lifespan.

• Reduced Hardware Reliability: Constantly running hardware at high loads can accelerate
wear and tear, potentially leading to premature hardware failure. Replacing and
maintaining hardware can be costly for both individuals and businesses.

• Data Loss and Corruption: The heavy strain on the CPU/GPU can lead to data loss or
corruption, especially if the device crashes while critical operations are in progress. This
can result in data recovery efforts or permanent data loss.

20
 • Downtime: As devices become slow or unresponsive due to cryptojacking, users may
experience downtime and reduced productivity. In a business context, this can translate
into financial losses.

• Reputation Damage: If an organization's resources are used for cryptojacking, it can

damage its reputation, as customers and clients may lose trust in its ability to secure their
data and resources.

4.2 Financial Risks

Certainly, cryptojacking poses several financial risks for both individuals and organizations. These
risks are primarily associated with the costs incurred because of the cryptojacking attack and its
subsequent impact on operations. Here are the key financial risks of cryptojacking:
• Increased Energy Costs: Cryptojacking consumes a significant amount of computational
resources, leading to higher electricity bills. This increased energy consumption can be
substantial for businesses with a large number of affected devices, resulting in higher
operational expenses.

• Hardware Replacement and Maintenance: The continuous strain on CPU/GPU caused by

cryptojacking can lead to accelerated wear and tear. This may result in the need for more
frequent hardware replacements and repairs, incurring additional costs for individuals and
organizations.

• Loss of Productivity: In a business setting, cryptojacking can lead to reduced employee

productivity due to slower system performance and downtime. This can result in financial
losses for the organization.

• Downtime Costs: If devices become unresponsive or need to be taken offline for

maintenance or repair due to the strain from cryptojacking, this can lead to downtime.
Downtime can result in lost revenue, especially for businesses heavily reliant on continuous
online operations.

21
 • Security Response Costs: Detecting, mitigating, and recovering from a cryptojacking
incident requires time and resources. This includes expenses related to cybersecurity
experts, incident response teams, and the implementation of security measures to prevent
future incidents.

• Decreased Stock Value: For publicly traded companies, news of a cryptojacking incident
and its financial implications can negatively impact stock prices, potentially leading to a
decrease in shareholder value.

4.3 Security Risks

Cryptojacking presents significant security risks to both individuals and organizations. These risks
arise from the unauthorized use of computing resources for cryptocurrency mining and can have
far-reaching consequences. Here are the key security risks associated with cryptojacking:
• Data Breach: While cryptojacking itself doesn't involve data theft, it often indicates that an
attacker has gained unauthorized access to a device or network. Once inside, an attacker
may exploit this access to steal sensitive data, compromising the security and privacy of
individuals or organizations.

• Compromised Credentials: In some cases, attackers use cryptojacking as a diversionary

tactic while they attempt to compromise user accounts or gain access to sensitive systems.
This can lead to unauthorized access and further security breaches.

• Vulnerability Exploitation: Cryptojacking malware often targets known vulnerabilities to

infiltrate devices. After gaining access, attackers may leave these vulnerabilities unpatched,
making the system susceptible to additional cyberattacks, including malware infections,
data breaches, and ransomware attacks.

• Loss of Control: Cryptojacking represents an unauthorized use of computing resources.

Victims lose control over their devices, and organizations may lose control over their
network infrastructure, leading to a potential security gap.

22
23
4.4 Economic Risks
Cryptojacking poses economic risks that can affect individuals, organizations, and even broader
economies. These risks stem from the financial consequences and broader economic implications
of cryptojacking incidents. Here are the key economic risks associated with cryptojacking:

• Increased Operational Costs: Cryptojacking leads to higher electricity bills due to the
increased energy consumption of affected devices. This can strain the finances of
individuals and businesses, particularly those with many devices.

• Hardware Replacement and Maintenance Costs: Continuous cryptojacking can accelerate

hardware wear and tear, leading to the need for more frequent replacement and
maintenance of devices. These costs can be substantial for both individuals and
organizations.

• Loss of Productivity: In a business context, cryptojacking can result in reduced employee

productivity due to slower system performance and downtime. The resulting decrease in
output can lead to financial losses for the organization.

• Downtime Costs: Cryptojacking can cause devices to become unresponsive or require

maintenance or repairs, resulting in downtime. Downtime can disrupt business operations
and lead to lost revenue, especially for online businesses.

4.5 Environmental Risks

Cryptojacking, while primarily a cybersecurity and financial concern, can also have environmental
implications due to the increased energy consumption associated with cryptocurrency mining.
Here are the key environmental risks associated with cryptojacking:
• Excessive Energy Consumption: Cryptojacking significantly increases the energy
consumption of affected devices. Since cryptocurrency mining operations are
computationally intensive, they require a considerable amount of electrical power. This can

24
 lead to additional strain on power grids and contribute to higher carbon emissions,
particularly if the energy source is fossil fuels.

• Impact on Carbon Footprint: Devices engaged in cryptojacking consume electricity, which,

depending on the energy source, can result in a larger carbon footprint. Mining operations
powered by fossil fuels, such as coal or natural gas, contribute to greenhouse gas emissions,
exacerbating environmental concerns.

• Energy Efficiency Concerns: Cryptojacking malware may not be designed for energy
efficiency, as its primary goal is to maximize mining output. Consequently, devices
operating at full capacity for extended periods consume more energy than necessary,
leading to wasteful energy practices.

• Hardware Lifespan: Cryptojacking's continuous high load on CPUs and GPUs can shorten
the lifespan of these hardware components. The premature disposal and replacement of
devices contribute to electronic waste, which has environmental repercussions.

• Heat Emission: Cryptomining generates heat as a byproduct of energy-intensive

calculations. Overheating devices often require additional cooling, which can, in turn,
consume more energy and exacerbate the environmental impact.

25
 CHAPTER 5
NOTABLE CRYPTOJACKING ATTACKS

5.1 Tesla's Cloud Hacked for Crypto Mining

In a notable incident, Tesla Inc. became the target of cryptocurrency miners who gained
unauthorized access to the company's Amazon Web Services (AWS) cloud account. Cybersecurity
software firm RedLock reported the breach, revealing that the attackers exploited Tesla's AWS
resources to mine digital coins. Although this intrusion resulted in the compromise of some of
Tesla's proprietary data, including mapping, telemetry, and vehicle servicing, the company assured
that customer information remained secure and unaffected. Tesla stated that the impact was limited
to internally used engineering test cars and did not pose any threats to customer privacy, vehicle
safety, or security. The breach was discovered when RedLock identified an unprotected IT
administrative console, through which the attackers accessed and executed scripts to mine
cryptocurrency. The incident highlights the ongoing challenge of cryptojacking attacks, where
malicious actors seek to harness the computing power of unsuspecting organizations for their
cryptocurrency mining efforts. RedLock came across the breach by chance and received a reward
of over $3,000 as part of Tesla's bug bounty program. Tesla joins a list of companies and
government agencies that have fallen victim to similar cryptojacking attacks over the past year as
cybercriminals seek ways to generate cryptocurrencies like Bitcoin.

5.2 The Pirate Bay Mines Cryptocurrency Using Visitor CPUs

The Pirate Bay, a popular torrent website, tested a cryptocurrency miner that utilized visitors'
computers to generate revenue. Users browsing the website noticed an unusual spike in CPU usage
and discovered that The Pirate Bay had begun using their computer processing power to mine
Monero cryptocurrency without their consent. The website deployed a JavaScript miner from
Coinhive, a company specializing in such tools. Coinhive's miner allows websites to mine
cryptocurrency using the computational resources of visitors' browsers in exchange for an ad-free
browsing experience or other incentives. While some users supported the move as an alternative
to ads, others were unhappy about the lack of consent. Pirate Bay later clarified that this initiative
was a test and no longer functional.

26
This approach, known as cryptojacking, involves websites or attackers leveraging visitors' CPU
power to mine cryptocurrencies covertly. While it can generate revenue for the website operators,
it is often viewed negatively due to the lack of transparency and the impact on visitors' devices.
Users have the option to block or disable JavaScript, use ad blockers, or employ browser add-ons
to prevent such mining activities. Monero was the chosen cryptocurrency for this mining effort,
known for its private features.

5.3 Coinhive Script Controversy on Thousands of Websites

A significant cryptojacking incident occurred when a malicious script was inserted into the website
codes of more than 5,000 websites through a popular plugin called Browse Aloud. Browse Aloud
is designed to assist blind and partially sighted individuals in accessing the web. The malware,
believed to be the Coinhive script, covertly utilized the processing power of users' devices to mine
the open-source cryptocurrency Monero. Texthelp, the company operating Browse Aloud, took its
website offline to address the issue. The National Cyber Security Centre (NCSC) initiated an
investigation into the incident but assured the public that there was no indication of direct risks to
individuals. The malware impacted thousands of websites in the UK, Ireland, the United States,
and potentially other countries, with government websites and other organizations affected. The
incident highlighted the significant impact that cryptojacking can have when deployed at scale,
affecting numerous websites and their visitors.

5.4 WannaMine Malware Infects Computers for Cryptomining

The cybersecurity landscape has witnessed a surge in cyberattacks involving cryptocurrency-
mining malware, which has emerged as a significant security threat. One notable example is the
WannaMine malware, discovered by researchers at CrowdStrike, a cybersecurity company. This
strain of malware utilizes the "Eternal Blue" exploit, originally developed by the US National
Security Agency (NSA) and leaked to the public by the Shadow Brokers hacking group. The
exploit was famously used as a foundation for the WannaCry ransomware that affected over
230,000 computers worldwide in May 2017.

WannaMine employs various techniques and capabilities, some akin to those used by nation-state
actors, to hijack victims' computers and CPU processing power secretly for cryptocurrency mining.

27
It leverages "living off the land" techniques, including Windows Management Instrumentation
(WMI) permanent event subscriptions for persistence and propagation via the Eternal Blue exploit.

The malware can infect computers through malicious links in emails or websites, remote access
attacks, or other means, often without the victim's awareness except for a noticeable slowdown in
computer performance. One distinctive aspect of WannaMine is its fileless operation, relying on
legitimate system software such as WMI and PowerShell, making detection and blocking difficult
for organizations without advanced antivirus solutions. The malware employs "Mimi Katz" to
recover login credentials from system memory and attempts infiltration. If unsuccessful, it turns
to the Eternal Blue exploit to gain access.

Once compromised, WannaMine quietly utilizes CPU processing power to mineMonero

cryptocurrency, sometimes causing severe performance issues. CrowdStrike reported that in some
cases, nearly 100% of an organization's systems' CPUs were overutilized, rendering the
environment unusable.

The number of cryptojacking attacks, including those involving WannaMine, has seen a significant
uptick in early 2018, and experts anticipate a continued increase in such activities. These attacks
can lead to business disruptions, downtime, and financial losses for affected organizations. It
underscores the importance of robust cybersecurity measures and next-generation antivirus
solutions to detect and mitigate evolving threats in the digital landscape.

28
5.5 Botnet Smominru Turns Thousands of Devices into Miners
A massive cryptocurrency mining botnet, known as "Smominru," has taken control of over half a
million machines, utilizing the leaked NSA exploit Eternal Blue, which was also used in the
WannaCry ransomware attack. This botnet, powered by Eternal Blue, mines Monero
cryptocurrency and is estimated to have generated approximately $3.6 million since it began
operating in May 2017. Researchers from Proofpoint have found that the botnet reached a peak of
526,000 nodes and has demonstrated remarkable resilience, regenerating itself even after takedown
efforts. Smominru primarily targets Windows servers due to their continuous uptime, making them
lucrative for mining. While organizations may not be aware of their compromised servers, the
botnet can significantly impact performance and energy costs. Additionally, the botnet has been
observed conducting additional attacks via Eternal Blue to expand its size further.

29
 CHAPTER 6
PREVENTION AND MITIGATION

6.1 Antivirus and Anti-Malware Software

Antivirus and anti-malware software play a crucial role in defending against cryptojacking threats.
Here's how they contribute to protection against cryptojacking:
• Real-time Scanning: Antivirus and anti-malware programs continuously scan files and
processes on a computer or network in real-time. They can detect and block known
cryptojacking scripts and malware if they attempt to execute.

• Malicious Script Detection: Many cryptojacking scripts are recognized as malicious by

reputable antivirus databases. When a user visits a compromised website or encounters a
malicious file, the antivirus software can identify and quarantine the script or file.

• Behavioral Analysis: Some advanced antivirus solutions employ behavioral analysis to

identify suspicious activities, even if the cryptojacking script is not yet known. For
example, excessive CPU or GPU usage triggered by cryptojacking may raise an alert.

• Blacklisting: Antivirus programs maintain lists of known malicious websites and domains
associated with cryptojacking. When users attempt to access these sites or domains, the
antivirus software can block access and prevent script execution.

6.2 Browser Extensions and Ad-Blockers

Browser extensions and ad-blockers play a significant role in defending against cryptojacking
threats. Here's how they contribute to protection against cryptojacking:
• Script Blocking: Many cryptojacking scripts run in the background of websites and
consume your device's processing power. Browser extensions and ad-blockers can block
these scripts from executing, preventing unauthorized cryptocurrency mining.

30
 • Blacklist Updates: These extensions maintain updated lists of known cryptojacking
domains and scripts. When you visit a website on their blacklist, they automatically block
the suspicious content, protecting you from potential cryptojacking attempts.

• Customization: Users can customize the settings of these extensions to determine which
scripts or content to block. This allows for fine-tuning the level of protection and
minimizing false positives.

• Complementary to Antivirus: While antivirus software focuses on identifying and

removing malware, browser extensions and ad-blockers target specific web-based threats,
making them a valuable complementary layer of defense.

6.3 Security Updates and Patch Management

Security updates and patch management are essential components of defending against
cryptojacking threats. Here's how they contribute to protection:
• Vulnerability Mitigation: Cryptojacking often occurs through the exploitation of known
vulnerabilities in software, operating systems, and web browsers. Security updates and
patches provided by software vendors address these vulnerabilities, making it harder for
attackers to gain access.

• Timely Deployment: It's crucial to apply security updates promptly. Delaying updates can
leave systems exposed to exploitation, as attackers may quickly take advantage of known
vulnerabilities.

• Operating System Updates: Both operating system developers like Microsoft, Apple, and
Linux distributors regularly release updates to fix security vulnerabilities. Ensuring that
your operating system is up to date is a fundamental step in protecting against
cryptojacking.

31
 • Browser Updates: Web browsers are common targets for cryptojacking scripts. Keeping
your browser up to date ensures that known vulnerabilities are patched, reducing the risk
of drive-by cryptojacking attacks.

• Software Updates: Cryptojacking attacks can also target vulnerabilities in third-party

software applications. Regularly updating all installed software, including plugins and
extensions, is essential for overall security.

6.4 Firewalls and Network Security

Firewalls and network security measures are vital components of safeguarding against
cryptojacking threats. Here's how they contribute to protection:
• Intrusion Detection and Prevention: Firewalls can include intrusion detection and
prevention systems (IDPS) that monitor network traffic for suspicious activity. When
cryptojacking attempts are detected, the firewall can block or alert administrators,
preventing unauthorized access.

• Port Blocking: Firewalls can be configured to block specific network ports commonly used
by cryptojacking malware to communicate with external command and control servers.
This helps disrupt communication between the infected device and the attacker's
infrastructure.
• Traffic Inspection: Advanced firewalls perform deep packet inspection, analyzing network
traffic for known cryptojacking signatures or patterns of behavior. If suspicious activity is
identified, the firewall can take action to block it.

• Application Layer Filtering: Some firewalls offer application layer filtering capabilities,
allowing them to inspect and block specific web applications or scripts that are commonly
associated with cryptojacking.

• Whitelisting and Blacklisting: Network security solutions often support whitelisting and
blacklisting of websites and IP addresses. Known malicious domains can be blacklisted,
preventing access to cryptojacking-related content.

32
 • VPN and Remote Access Security: Organizations should secure virtual private networks
(VPNs) and remote access points to prevent unauthorized access to their networks.
Attackers may attempt to exploit vulnerabilities in these entry points for cryptojacking.

6.5 User Education and Awareness

User education and awareness are critical elements in defending against cryptojacking threats.
Here's how they contribute to protection:
• Recognizing Suspicious Activity: Educated users are more likely to recognize signs of
cryptojacking, such as unexplained increases in CPU or GPU usage, slow system
performance, or overheating devices. Awareness of these indicators can prompt users to
take action.

• Phishing Awareness: Cryptojacking attacks can be initiated through phishing emails or

malicious websites. Educated users are less likely to fall for phishing scams, reducing the
likelihood of infection.

• Safe Browsing Practices: Users can be taught safe browsing practices, such as avoiding
suspicious websites, not clicking on suspicious links, and verifying the legitimacy of
websites before providing personal information or executing downloads.

• Avoiding Untrusted Downloads: Users should be cautious when downloading files or

software from the internet. They should only download files from trusted sources and
verify the authenticity of downloads.

33
 CHAPTER 7
FUTURE TRENDS

7.1 Predictions for the future of cryptojacking

Predicting the future of cryptojacking involves considering various factors and trends in the
cybersecurity landscape. Here are some predictions for the future of cryptojacking:
1. Increased Use of Stealthy Techniques:
Cryptojackers will likely continue to refine and employ stealthy techniques to evade detection.
This includes using advanced obfuscation methods to hide mining scripts within legitimate code.
2. Targeting of Emerging Cryptocurrencies:
As newer cryptocurrencies gain popularity, cryptojackers may shift their focus to exploit
vulnerabilities in these emerging digital currencies. These cryptocurrencies might have fewer
security measures in place.

3. Expansion to IoT Devices:

The proliferation of Internet of Things (IoT) devices provides a new frontier for cryptojacking.
Hackers may target vulnerable IoT devices, utilizing their processing power for mining.
4. Cross-Platform Attacks:
Cryptojackers may diversify their attacks to target multiple platforms simultaneously. This could
involve exploiting both Windows and Linux systems, as well as mobile devices.
5. Cloud-Based Cryptojacking:
Attacks on cloud infrastructure may become more prevalent. Cybercriminals could leverage cloud
resources to scale their mining operations, making detection and mitigation more challenging.

7.2 Emerging Threats and Techniques:

Certainly, let's delve into the emerging threats and techniques associated with cryptojacking:

1. Fileless Cryptojacking:
One emerging threat is the use of fileless cryptojacking, where attackers avoid dropping traditional
malware files on victims' systems. Instead, they leverage legitimate system tools like PowerShell
and Windows Management Instrumentation (WMI) to run scripts directly in memory, making
detection more challenging.
34
2. Zero-Day Exploits:
Cryptojackers may increasingly target zero-day vulnerabilities in operating systems, browsers, or
plugins to initiate their attacks. These vulnerabilities are not yet known to vendors, giving attackers
a head start in compromising systems.
3. Polymorphic Mining Malware:
Cryptojacking malware can become polymorphic, constantly changing its code to evade signature-
based antivirus detection. This adaptability allows it to persistently infect systems .

4. Multi-Vector Attacks:
Attackers may use multi-vector techniques, combining cryptojacking with other cyber threats like
ransomware or information theft. This diversification increases the potential damage inflicted on
victims.
5. Mobile Device Cryptojacking:
With the proliferation of smartphones and tablets, mobile device cryptojacking is on the rise.
Malicious apps or compromised websites can exploit mobile devices to mine cryptocurrencies
covertly.

7.3 Evolving Countermeasures:

1. Advanced Antivirus and Anti-Malware Solutions:
Security software providers are enhancing their antivirus and anti-malware solutions to detect and
block cryptojacking attempts. These tools use heuristics, behavior analysis, and threat intelligence
to identify mining scripts.
2. Browser Extensions and Ad-Blockers:
Users can install browser extensions and ad-blockers specifically designed to block cryptojacking
scripts. These extensions scan web pages for malicious code and prevent it from running.
3. Security Updates and Patch Management:
Regularly updating operating systems, browsers, plugins, and software is crucial to patch known
vulnerabilities. Timely patches help prevent attackers from exploiting security flaws.

4. Firewalls and Network Security:

Network-level security solutions, including firewalls and intrusion detection systems, can detect
unusual traffic patterns associated with cryptojacking and block malicious connections.

35
5. User Education and Awareness:
Educating users about the risks of cryptojacking is essential. Users should be cautious about
clicking on suspicious links, downloading unknown files, and visiting untrusted websites.

36
 CHAPTER 8
CONCLUSION

Cryptojacking represents a persistent and evolving threat in the cybersecurity landscape. This
malicious practice, which involves illicitly harnessing the computing power of unsuspecting
victims to mine cryptocurrencies, has gained prominence due to the profitability and anonymity it
offers to attackers. In this report, we have explored the various facets of cryptojacking, including
its working mechanisms, types, technical risks, financial implications, security concerns, and
preventive measures.

As the cryptocurrency market continues to grow, so does the allure of cryptojacking for
cybercriminals. Its adaptability and ability to fly under the radar make it a formidable adversary.
It has evolved from browser-based scripts to more sophisticated fileless attacks, exploiting zero-
day vulnerabilities and targeting a wide array of devices, including IoT and mobile platforms.

To combat the menace of cryptojacking, individuals and organizations must remain vigilant.
Implementing robust cybersecurity practices, such as keeping software up to date, employing
advanced antivirus tools, and educating users, is crucial. Collaborative efforts within the
cybersecurity community, information sharing, and the development of next-generation security
solutions will play pivotal roles in staying ahead of cryptojackers.

While cryptojacking may be financially rewarding for attackers, its impact on victims can be
significant, leading to increased operational costs, system slowdowns, and potential data breaches.
Therefore, proactive measures and a comprehensive understanding of cryptojacking are essential
to protect against this evolving threat. By staying informed and continually adapting security
measures, individuals and organizations can reduce their exposure to cryptojacking and maintain
a safer digital environment.

37
REFERENCES

38