
Confusion over Cryptojacking: reports say the technique is rising and falling

Robert Stevens


It seems like everyone and their dog is a cryptojacker these days. Just a couple days ago, the US Department of Justice charged Paige Thompson, the ex-Amazon employee who hacked into hundreds of millions of customer accounts from credit card company Capital, with the crime. Thompson was exploiting the computing services of cloud servers to mine crypto, making a tidy profit. 

And “cybergendarmes,” the French police’s crack cybersecurity team, just rumbled a hacking group that used a network of 850,000 computers to mine the cryptocurrency Monero, reports the BBC.  

It comes as no surprise, then, to hear that cybersecurity researchers from McAfee Labs just found that crypto-jacking campaigns have risen 29 percent, according to a report released this week.

McAfee discovered three new types of methods cryptojackers have at their disposal. PsMiner, which mines Monero, is designed to jam its way into vulnerable servers by automatically installing a payload deceptively called "WindowsUpdate.ps1." CookieMiner, meanwhile, targets Apple users, stealing personal data from exchanges like Binance and mining the coin Koto. CookieMiner buries a library deep inside the Mac operating system that funnels the stolen coins to the cryptojackers’ server. And cryptominers have also been exploiting a vulnerability in ThinkPHP, a popular framework for the development of web applications. The miner will install Linux shell scripts on victims’ computers, effectively making them cryptomining nodes in hackers’ campaigns.

While McAfee’s report says the technique is on the rise, other security researchers say the opposite. Troy Mursch, CEO of Bad Packets, a cybersecurity firm that focuses on cryptojacking, has consistently told Decrypt that cryptojacking is no longer profitable for hackers.

“Cryptojacking detections as a whole have not reached the previous levels seen in late 2017–early 2018 when it was a much more lucrative income method for cybercriminals (due to the high prices of cryptocurrencies),” Mursch told Decrypt today. Others seem to agree. 

Check Point Security released a report in the summer of this year that found that, while cryptojacking is still the most popular hack of choice, cryptojacking campaigns have nosedived.

In Q1 of 2018, Check Point reports that 42 percent of organizations around the world had been infected by crypto-miners at some point. For Q1 this year, just 26 percent. 

Check Point attributes the fall to the close of Coinhive in February, a popular service that originally promised website owners an alternative source of revenue. Instead of watching banner ads, users could slowly mine crypto instead. The business model wasn’t profitable enough to get advertisers to take it seriously, but the service was abused by hackers around the world until its shutdown earlier this year.

There’s one thing that both seem to agree on: Cybercriminals are innovating, and new crypto-jacking varieties are being discovered at higher rates.  

Maybe it’s time to change your passwords, folks.