An Experimental Analysis of Cryptojacking Attacks

  • Per Håkon MelandEmail author
  • Bent Heier Johansen
  • Guttorm Sindre
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11875)


Cryptojacking is the illicit exploitation of Internet users’ bandwidth and processing power to mine cryptocurrencies. This paper presents an experimental analysis of how different types of cryptojacking attacks impact a selection of consumer-grade devices, and the perceived annoyance by the user. This is seen in relation to the expected cost and revenue the attacker would expect. The results show that a well-configured cryptojacking attack does not significantly harm its victims, hence can be very difficult to detect, and even aware users might not bother getting rid of the infection. The costs and risk associated with performing cryptojacking are low, but the attacker would rely on a pool of infected devices over a prolonged period of time in order to make any significant revenue. The main cost is therefore the opportunity cost, as there are more profitable ways to abuse compromised systems due to the general decline in cryptocurrency values. Though the heyday of cryptojacking has gone by, several adversaries are likely to have made quite a profit from it. It can therefore emerge as a serious threat again due to market externalities.


Cryptojacking Cryptomining Drive-by mining Monero Blockchain Malware Experiment Economy 


  1. 1.
    Al Hajri, H.H., Al Mughairi, B.M., Hossain, M.I., Karim, A.M.: Crypto jacking a technique to leverage technology to mine crypto currency. Int. J. Acad. Res. Bus. Social Sci. 9(3), 1210–1221 (2019)Google Scholar
  2. 2.
    Alexa. Accessed 23 Aug 2019
  3. 3.
    Analyze power use with battery historian. Accessed 24 May 2019
  4. 4.
    App store review guidelines. Accessed 22 Aug 2019
  5. 5.
    Bijmans, H.L., Booij, T.M., Doerr, C.: Inadvertently making cyber criminals rich: a comprehensive study of cryptojacking campaigns at internet scale. In: 28th USENIX Security Symposium (USENIX Security 19), pp. 1627–1644 (2019)Google Scholar
  6. 6.
    Carlin, D., Burgess, J., O’Kane, P., Sezer, S.: You could be mine (d): the rise of cryptojacking. IEEE Secur. Priv. 9(3), 1210–1221 (2019)Google Scholar
  7. 7. Accessed 8 Apr 2019
  8. 8.
    Discontinuation of coinhive (2019). Accessed 24 May 2019
  9. 9.
    Top 100 cryptocurrencies by market capitalization (2019). Accessed 22 Aug 2019
  10. 10.
    Mine monero from your browser. Accessed 24 May 2019
  11. 11.
    Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious Javascript code. In: Proceedings of the 19th International Conference on World Wide Web, pp. 281–290. ACM (2010)Google Scholar
  12. 12.
    Cox, J.: Creators of in-browser cryptocurrency miner ‘coinhive’ say their reputation couldn’t be much worse. (2018). Accessed 24 May 2019
  13. 13.
    Cpuminer-multi. Accessed 24 May 2019
  14. 14.
    Dean, M.: 5 best cryptojacking blockers to use on your windows pc. Accessed 24 May 2019
  15. 15.
    Deep miner. Accessed 24 May 2019
  16. 16.
    Eskandari, S., Leoutsarakos, A., Mursch, T., Clark, J.: A first look at browser-based cryptojacking. In: 2018 IEEE European Symposium on Security and Privacy Workshops (2018)Google Scholar
  17. 17.
  18. 18.
    Frigioiu, A.: Crypto miners: the rise of a malware empire (2018). Accessed 24 May 2019
  19. 19.
    Hong, G., et al.: How you get shot in the back: a systematical study about cryptojacking in the real world. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1701–1713. ACM (2018)Google Scholar
  20. 20.
    Hron, M.: Protect yourself from cryptojacking. (2018). Accessed 23 Aug 2019
  21. 21.
  22. 22.
    Kharraz, A., et al.: Outguard: detecting in-browser covert cryptocurrency mining in the wild. In: The World Wide Web Conference, pp. 840–852. WWW 2019, ACM, New York, NY, USA (2019).
  23. 23.
    Konoth, R.K., et al.: Minesweeper: an in-depth look into drive-by cryptocurrency mining and its defense. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1714–1730. ACM (2018)Google Scholar
  24. 24.
    Liao, S.: Calendar app in MAC app store mines cryptocurrency in the background (2018). Accessed 22 Aug 2019
  25. 25.
    Monero miner for web browsers. Accessed 24 May 2019
  26. 26. Accessed 24 May 2019
  27. 27.
    Musch, M., Wressnegger, C., Johns, M., Rieck, K.: Web-based cryptojacking in the wild (2018). arXiv preprint arXiv:1808.09474
  28. 28.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). Accessed 23 Aug 2019
  29. 29.
    Nguyen, V.L., Lin, P.C., Hwang, R.H.: Web attacks: defeating monetisation attempts. Netw. Secur. 2019(5), 11–19 (2019)CrossRefGoogle Scholar
  30. 30.
    Norman, J.: How not to become a crypto-jacking statistic. Comput. Fraud Secur. 2019(4), 18–19 (2019)CrossRefGoogle Scholar
  31. 31.
    Papadopoulos, P., Ilia, P., Markatos, E.P.: Truth in web mining: measuring the profitability and cost of cryptominers as a web monetization model (2018). arXiv:1806.01994v1. Accessed 24 May 2019
  32. 32.
    Partz, H.: Coinhive code found on 300+ websites worldwide in recent cryptojacking campaign (2018). Accessed 24 May 2019Google Scholar
  33. 33.
    Pastrana, S., Suarez-Tangil, G.: A first look at the crypto-mining malware ecosystem: a decade of unrestricted wealth. arXiv preprint (2019) arXiv:1901.00846
  34. 34.
    Pedersen, P.: The open source community as a top 100 country. Accessed 23 Aug 2019
  35. 35.
    Rüth, J., Zimmermann, T., Wolsing, K., Hohlfeld, O.: Digging into browser-based crypto mining. Chair of Communication and Distributed Systems, RWTH Aachen University (2018). Accessed 24 May 2019Google Scholar
  36. 36.
    Saad, M., Khormali, A., Mohaisen, A.: End-to-end analysis of in-browser cryptojacking (2018). arXiv:1809.02152v1. Accessed 24 May 2019
  37. 37.
    Saberhagen, N.V.: Cryptonote v 2.0 (2013). Accessed 24 May 2019Google Scholar
  38. 38.
    Sigler, K.: Crypto-jacking: how cyber-criminals are exploiting thecrypto-currency boom. Comput. Fraud Secur. 2018(9), 12–14 (2018). Scholar
  39. 39. Accessed 24 May 2019
  40. 40.
    Internet security threat report (2019). Accessed 24 May 2019
  41. 41.
    Sysbench. Accessed 24 May 2019
  42. 42.
    Tahir, R., Durrani, S., Ahmed, F., Saeed, H., Zaffar, F., Ilyas, S.: The browsers strike back: countering cryptojacking and parasitic miners on the web. In: IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, pp. 703–711. April (2019).
  43. 43.
    Historical trends in the usage of client-side programming languages for websites. Accessed 24 May 2019
  44. 44.
    Plugin tag: mining. Accessed 24 May 2019
  45. 45.
    Wu, L.: Monero-mining hiddenminer android malware can potentially cause device failure. TrendMicro. Accessed 24 May 2019Google Scholar
  46. 46.
    Xmr-stak: Cryptonight all-in-one mining software. Accessed 24 May 2019
  47. 47.
    Zimba, A., Wang, Z., Chen, H., Mulenga, M.: Recent advances in cryptovirology: state-of-the-art crypto mining and crypto ransomware attacks. KSII Trans. Internet Inf. Syst. (TIIS) 13(6), 3258–3279 (2019)Google Scholar
  48. 48.
    Zmudzinski, A.: Monero developers consider adopting new proof-of-work algorithm in october. Cointelegraph (2019). Accessed 23 Aug 2019

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.SINTEF DigitalTrondheimNorway
  2. 2.Norwegian University of Science and TechnologyTrondheimNorway

Personalised recommendations