[Ads-l] cryptojacking (23 September 2017), cryptojacker (20 October)

Barretts Mail mail.barretts at GMAIL.COM
Sat Oct 21 21:44:21 UTC 2017

1. Two recent articles discuss cryptojacking (noun)

http://wccftech.com/the-pirate-bay-cryptojacking-mine-monero/ <http://wccftech.com/the-pirate-bay-cryptojacking-mine-monero/>
https://www.wired.com/story/cryptojacking-cryptocurrency-mining-browser/ <https://www.wired.com/story/cryptojacking-cryptocurrency-mining-browser/> 

The Wired story, released yesterday, has a wider reach.

One of the ways to generate cryptocurrency is to use a computer to solve an algorithm. Typically many computers around the world do this simultaneously, and the first to solve the current algorithm is rewarded with cryptocoins. This process is called mining.

On 14 September 2017, Coinhive (https://coinhive.com/ <https://coinhive.com/>) launched a way for webmasters to earn money by having website visitors’ computers mine coins. This is intended for use as an alternative to advertising.

On 23 September, Catalin Cimpanu reported on BleepingComputer that hackers found a way to secretly use the computing power of website visitors to mine coins (https://www.bleepingcomputer.com/news/security/coinhive-is-rapidly-becoming-a-favorite-tool-among-malware-devs/#.WcdSRsUu_6Y.twitter <https://www.bleepingcomputer.com/news/security/coinhive-is-rapidly-becoming-a-favorite-tool-among-malware-devs/#.WcdSRsUu_6Y.twitter>, which is where I found the date of 14 September above).  

The next place Bleeping Computer expects to see Coinhive deployed next is adware, and especially the type of adware that hijacks search fields and inserts ads into search results….

Currently, some experts refer to the technique of hijacking users' browsers for cryptocurrency mining as "cryptojacking.”

According to Cimpanu, the term was already in use when the article was written.

N.B. Twitter provides a false positive:
21 May 2017
飞龙 (@thaddeusbatt)
https://twitter.com/thaddeusbatt/status/866474704365907972 <https://twitter.com/thaddeusbatt/status/866474704365907972>

Too late. It'll settle back down until the next cryptojacking happens.

This appears to be just crypto (cryptocurrency) + jack (increase).

2. The Wired article (second link) also has “cryptojacked” (adjective)

So far these types of attacks have been discovered in compromised sites' source code by users—including security researcher Troy Mursch—who notice their processor load spiking dramatically after navigating to cryptojacked pages.

3. cryptojacked (past participle)

17 October
David Michaels
Twitter: @davidmichaels
https://twitter.com/davidmichaels/status/920309908167364608 <https://twitter.com/davidmichaels/status/920309908167364608>

I lost billable hours b/c it took too long to perform tasks on my #cryptojacked laptop.
— —

17 October
Trond Vidar Bjorøy
Has your browser been cryptojacked?
https://trondbjoroy.com/has-your-browser-been-cryptojacked-351244daf094 <https://trondbjoroy.com/has-your-browser-been-cryptojacked-351244daf094> 

The term is used in the title only.

4. cryptojacker

20 October
Blackhawk Cybersecurity (@blackhawkcybersec)
More Cryptojacking Malware – Avoid it
https://wordpress.org/support/topic/more-cryptojacking-malware-avoid-it/ <https://wordpress.org/support/topic/more-cryptojacking-malware-avoid-it/> 

This plugin’s implementation is malware. It is a stealth miner, or cryptojacker, because it effectively hijacks the user’s browser for mining and will spike their CPU usage.

Benjamin Barrett
Formerly of Seattle, WA
The American Dialect Society - http://www.americandialect.org

More information about the Ads-l mailing list