A cryptomining attack occurs when an attacker installs malware — also known as a cryptojacking script — on a victim’s machine, which then harnesses the CPU, GPU, or other computational resources to mine cryptocurrencies like Bitcoin, Monero, or Ethereum. This allows the attacker to conduct seemingly legitimate cryptomining activities. Cryptocurrencies rely on databases called blockchains, which consist of “blocks” of recent transactions that are frequently updated using a complex mathematical process. Producing new blocks requires computing power, which individual “miners” exchange for small amounts of currency. Cryptojacking allows attackers to do this at scale.
Attackers sometimes use phishing emails or compromised software updates to install cryptomining malware on laptops or even mobile devices — though phones have less processing power, infecting a lot of them at once makes it worthwhile.
In many instances, cryptojacking scripts are deployed through web browsers or online ads. In browser-based cryptojacking, attackers inject malicious JavaScript code into websites. When someone visits an infected site, the script begins mining cryptocurrency using the visitor’s device without their consent. This type of cryptojacking doesn’t require malware installation and stops once the user leaves the site.
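For site owners, one way to catch injected scripts of the kind described above is to audit a page's script tags against what the site is supposed to load. The following is an added example, not code from the original page: the allowlist, the sample HTML, and the heuristic that inline code starting Web Workers or WebAssembly deserves review are all assumptions made for illustration.

```javascript
// Added example: audit a page's <script> tags for signs of injected mining code.
// ALLOWED_ORIGINS and SAMPLE_HTML are constructed values for illustration.
const ALLOWED_ORIGINS = new Set(["https://www.example.com", "https://cdn.example.com"]);

// Heuristic (assumption): in-browser miners need sustained parallel compute,
// so inline code that starts Web Workers or WebAssembly is flagged for review.
const COMPUTE_HINTS = [/new\s+Worker\s*\(/, /WebAssembly\.(instantiate|compile)/];

function auditScripts(html, pageUrl) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (src) {
      let origin;
      try {
        origin = new URL(src[1], pageUrl).origin; // resolves relative paths too
      } catch {
        findings.push({ type: "unparseable-src", detail: src[1] });
        continue;
      }
      if (!ALLOWED_ORIGINS.has(origin)) {
        findings.push({ type: "unexpected-origin", detail: origin });
      } else if (origin !== pageOrigin && !/\bintegrity\s*=/i.test(attrs)) {
        // Allowed third-party script without a Subresource Integrity hash:
        // if that host is compromised, its contents can change unnoticed.
        findings.push({ type: "missing-sri", detail: src[1] });
      }
    } else if (COMPUTE_HINTS.some((re) => re.test(body))) {
      findings.push({ type: "inline-compute", detail: body.trim().slice(0, 40) });
    }
  }
  return findings;
}

// Constructed sample page: two clean tags, three that should be flagged.
const SAMPLE_HTML = `
<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://cdn.example.com/ui.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://static.unknown-ads.example/loader.js"></script>
<script>const w = new Worker("task.js");</script>
<script>document.title = "hello";</script>`;

console.log(auditScripts(SAMPLE_HTML, "https://www.example.com/index.html"));
```

A finding is a prompt for review rather than proof of mining, since legitimate pages also use workers and third-party scripts.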
