Crypto-mining operations are increasingly turning to stealthy tactics to hijack power from unsuspecting organisations and individuals. The practice, known as crypto-jacking, has seen a 20% surge in 2025, with victims losing an estimated $53 for every dollar generated in cryptocurrency.
With the high value of cryptocurrencies in recent years, the barriers to crypto-jacking are relatively low. The required software is readily available on underground web forums, and installing it on computers is less challenging than stealing data or holding it hostage.
Web-crawling bots are among the most useful tools in crypto-jackers' arsenal, sniffing out computers with weak security settings or those that have not been updated since purchase. Advanced AI models could help identify additional targets, but their edge over existing bots is not significant enough to justify the expense.
Crypto-jackers often exploit vulnerabilities in corporate computers, commandeering them within an hour. Servers are particularly attractive targets, as they are always on and often have surges in traffic. Another way crypto-jackers access computers is by finding login credentials unwittingly posted online or guessing them using password-spray attacks.
Even bigger scams have come to light, with individuals and organisations losing millions of dollars in cryptocurrency. Personal laptops and mobile phones have replaced corporate servers as prime targets, with the rising value of Monero contributing to the surge.
Security firms are adapting to the threat, introducing new forensic software packages that analyse processing loads, data traffic, and electricity usage to flag suspicious patterns. Heavyweights like Google and Microsoft are also incorporating advanced AI models into their offerings, hoping to automatically delete malicious code.
