What is cryptomining and who are cryptominers

This article explores the world of cryptomining, analyzing how cryptocurrencies such as Bitcoin and Ethereum are mined using computer processing power. It explains both traditional methods and alternatives such as cloud mining, and highlights cyber security threats such as cryptojacking and mining malware that illicitly exploit system resources.

Table of contents

  • What is cryptomining 
  • Who are cryptominers
  • How illicit cryptomining works 
  • Why is illicit cryptomining so prevalent? 
  • Impacts on cyber security and systems
  • How to protect against illicit cryptomining 

This article delves into the world of cryptomining, a growing practice in the digital landscape. We will explain who cryptominers are, how cryptocurrency mining works, and the cyber security threats it poses, focusing on concepts like cryptomining malware and cryptojacking.

Additionally, we will explore the impact on CPU usage and system resources—critical topics in cyber security. 

What is cryptomining 

Cryptomining, derived from the word “to mine,” is the process of “extracting” cryptocurrencies like Bitcoin, Ethereum, and many others. This activity relies on computer processing power to solve complex cryptographic algorithms. When a miner successfully solves an algorithm, a block is added to the blockchain, and they are rewarded with a certain amount of cryptocurrency. 

Initially, mining could be done with basic computers, but today it requires advanced hardware like GPUs (Graphics Processing Units) or ASIC devices to maximize processing power. For those without sufficient resources, alternatives like cloud mining exist, which use external servers for a fee. 

However, not all that glitters is gold. Beyond the enormous energy consumption involved, cryptomining can become a threat: cybercriminals use illicit methods, such as cryptojacking malware, to secretly exploit others’ system resources.

Who are cryptominers

Cryptominers are individuals or companies engaged in cryptocurrency mining. They can be divided into two main categories: 

  • Legitimate cryptominers
    These are users or businesses that invest in hardware, software, and infrastructure for mining.

    Most of them organize into mining pools, collaborative groups where computing power is shared to achieve more efficient results and split rewards. 
  • Illegitimate cryptominers
    This category includes those who use cryptomining malware or JavaScript code embedded in web pages to exploit others’ processing power without consent.

This practice, known as cryptojacking, is especially insidious: infected devices experience excessive CPU usage, significant slowdowns, and even hardware damage. 

So what is a cryptominer? It is crucial to understand that both honest entrepreneurs and cybercriminals can hide behind this label. The difference lies in how resources are used and in intent.

How illicit cryptomining works 

Illicit cryptomining is one of the most widespread threats in today’s cyber security landscape. Unlike legal mining, which requires significant investment in hardware and infrastructure, malicious mining exploits victims’ system resources covertly and without consent.

This practice involves cryptomining malware or JavaScript code embedded in compromised web pages. Below are common methods used by cybercriminals: 

Distribution of cryptomining malware 

One of the main vectors through which illicit cryptomining is spread is the use of cryptomining malware. These malicious programs, designed to use the computing power of others’ computers or servers, are distributed through various techniques:

Infected or cracked software

Cybercriminals often insert malicious code within seemingly harmless programs, such as free, open source or cracked software. When the user downloads and installs the program, the malware creeps into the operating system and starts using system resources for cryptomining.

Example
A user might download a free version of a video game or professional software, unaware that the program contains cryptojacking malware.

Phishing emails and attachments

Phishing campaigns are also a common method of distributing cryptomining malware. Through deceptive emails containing infected attachments, criminals persuade victims to open malicious files.

These files often activate malware in the background, kick-starting cryptomining without the user noticing.

Fake software updates

In some cases, criminals use fake update prompts for popular software like browsers, antivirus programs, or system plugins. When users proceed with the update, the malware is installed and begins mining operations.

Cryptojacking via JavaScript code 

Cryptojacking is a particularly stealthy and widespread method of illicit cryptomining that exploits JavaScript code embedded in compromised web pages. This technique works as follows:

Website compromise

Criminals inject cryptomining scripts into legitimate web pages or create sites specifically designed to distribute malicious code. This JavaScript code requires no installation and activates as soon as the web page is loaded. 

Exploitation of user resources

While users browse the page, the script secretly uses their device’s CPU to mine cryptocurrency. This process continues as long as the page remains open, causing increased energy consumption, system slowdowns, and device overheating. 

Detection challenges

Since cryptojacking does not install visible files on the system, it is often difficult to detect with traditional antivirus software. The only noticeable signs for users might be sudden system slowdowns or unusual CPU usage. 

Attacks on servers and IoT devices 

In addition to personal devices like computers and smartphones, cybercriminals target corporate servers and IoT (Internet of Things) devices: 

  • Corporate servers
    Servers are ideal targets for illicit cryptomining due to their high computing power and ability to operate 24/7. Attackers exploit vulnerabilities in operating systems or misconfigurations to install malware and initiate mining processes.
  • IoT Devices
    Smart TVs, security cameras, routers, and other internet-connected devices often have limited security systems. Cybercriminals compromise these devices to harness their processing power—albeit small—on a large scale. 

Symptoms of illicit cryptomining 

Identifying an illicit cryptomining attack can be challenging, but there are some signs that may indicate the presence of cryptomining malware or malicious JavaScript code:

  • Unusual CPU usage
    A sudden and constant increase in CPU usage is often the first sign of cryptojacking. 
  • System slowdowns
    Devices become sluggish, particularly when opening applications or browsing the internet. 
  • Overheating and high energy consumption
    Mining processes intensively use computing power, causing devices to overheat and consume more energy. 
  • Fan noise
    Computer or server fans run continuously at high speeds to cool the overloaded hardware. 
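
The Python example below is added here and is not from the original article: it flags processes whose CPU use stays high for a sustained period, the "sudden and constant increase" described above, while ignoring short bursts from legitimate work. The process names, the 80% threshold, the five-minute window and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict


def sustained_cpu_runs(samples, threshold=80.0, min_duration=300, max_gap=60):
    """Return (process, start, end, mean_cpu) for every run where a process
    stayed at or above `threshold` percent CPU for `min_duration` seconds.

    samples: iterable of (timestamp_seconds, process_name, cpu_percent).
    A monitoring gap longer than `max_gap` seconds ends a run, because the
    load cannot be assumed to have stayed high while nothing was measured.
    """
    by_proc = defaultdict(list)
    for ts, name, cpu in samples:
        by_proc[name].append((ts, cpu))

    findings = []
    for name, points in by_proc.items():
        points.sort()
        run = []  # consecutive samples at or above the threshold
        # A trailing sentinel below the threshold closes any run still open.
        for ts, cpu in points + [(float("inf"), 0.0)]:
            if cpu >= threshold and (not run or ts - run[-1][0] <= max_gap):
                run.append((ts, cpu))
                continue
            if run and run[-1][0] - run[0][0] >= min_duration:
                mean = sum(c for _, c in run) / len(run)
                findings.append((name, run[0][0], run[-1][0], round(mean, 1)))
            run = [(ts, cpu)] if cpu >= threshold else []
    return sorted(findings)


def constructed_samples():
    """Constructed data: one sample per process every 30 s for 10 minutes."""
    rows = []
    for i in range(21):
        t = i * 30
        rows.append((t, "updater-helper", 94.0 + (i % 3)))              # constant plateau
        rows.append((t, "browser", 95.0 if i % 5 == 0 else 20.0))       # isolated spikes
        rows.append((t, "video-encode", 98.0 if 4 <= i <= 8 else 5.0))  # 2-minute burst
    return rows


if __name__ == "__main__":
    for name, start, end, mean in sustained_cpu_runs(constructed_samples()):
        print(f"{name}: {mean}% CPU sustained from t={start}s to t={end}s")
```

A flagged process is a lead to investigate, not proof of mining: long-running legitimate jobs such as backups or builds produce the same pattern.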

Why is illicit cryptomining so prevalent?

Illicit cryptomining is increasingly popular among cybercriminals for several reasons: 

  • Immediate profits
    Unlike other cyberattacks like ransomware, malicious mining does not require direct victim involvement. Miners profit by secretly exploiting the processing power of infected machines. 
  • Low detection risk
    Since cryptojacking does not destroy or damage files, it often goes unnoticed for long periods, allowing criminals to mine uninterrupted. 
  • Ease of distribution
    Cryptomining malware and JavaScript code can be easily spread through compromised websites, infected software, and phishing campaigns. 

Impacts on cyber security and systems

Illicit cryptomining poses significant cyber security risks. In addition to the financial cost of increased energy consumption, the consequences can be severe: 

  • System slowdowns
    Cryptojacking malware heavily utilizes the CPU, impairing device performance. 
  • Hardware damage
    Prolonged and intensive use of computing power can overheat the device and shorten its lifetime.
  • Data loss
    In some cases, malicious cryptominers can damage files or operating systems, rendering devices unusable. 

This threat can be mitigated by adopting advanced cyber security solutions, such as installing up-to-date antivirus software and constantly monitoring system resources.

How to protect against illicit cryptomining 

Protecting against illicit cryptomining requires vigilance and appropriate tools. Here are some preventive measures: 

  • Install antivirus software that detects malware types such as cryptominers;
  • Use browser extensions that block malicious scripts or JavaScript code;
  • Regularly monitor system resource usage;
  • Avoid downloading unverified or non-open-source software;
  • Keep operating systems and applications updated to close vulnerabilities. 

Questions and answers

  1. What is cryptomining? 
    It is the process of extracting cryptocurrency using a computer’s processing power. 
  2. Who are cryptominers? 
    They are individuals or companies engaged in legal or malicious cryptomining activities. 
  3. What is cryptojacking? 
    It is the unauthorized use of another’s system resources for cryptomining. 
  4. What is the impact of cryptomining on devices? 
    It slows performance, increases energy consumption, and may damage hardware. 
  5. How does cryptomining malware spread? 
    Through infected software, email attachments, and JavaScript on compromised websites. 
  6. How can cryptomining be detected? 
    By monitoring CPU usage and using security tools. 
  7. Is legal mining profitable? 
    Yes, but it requires significant investments in hardware and electricity. 
  8. What is cloud mining?
    A paid service that allows users to rent computing power from remote farms. 
  9. How can you protect against cryptomining malware? 
    By using updated antivirus software, anti-script browser extensions, and verified software. 
  10. What happens if a website is compromised? 
    It can exploit visitors’ resources through scripts for illicit cryptomining. 