As cryptojacking has spread around the web, largely thanks to the original “in-browser miner,” Coinhive, and its copycats, implementations generally don’t live up to those lofty aims. Instead, it’s used to exploit unknowing people’s resources-both their hardware and electric bills-and increasingly blocked as malware by scanners and ad-blockers. And efforts to keep cryptojacking on the straight and narrow have largely fizzled.
Cryptojacking doesn’t require a download, starts instantly, and works efficiently. Making it even more insidious, hackers can sneak a mining component onto unsuspecting websites and pilfer cryptocurrency off of the legitimate site’s traffic. Illicit cryptojacking software has plagued unsuspecting sites like Politifact and Showtime. In one especially glaring incident from early December, a customer using the public Wi-Fi at a Buenos Aires Starbucks discovered that someone had manipulated the Wi-Fi system, delaying the connection in order to mine Monero with shoppers’ devices.
Despite those high-profile sneak attacks, researchers say that most cryptojacking is intentional, and that the practice is evolving in concerning ways.