Abstract

Cryptojacking is the unauthorized use of computational resources to mine cryptocurrency without the owner's consent. What began as browser-based mining scripts has evolved into a broader set of attacks targeting endpoints, networks, cloud platforms, containers, IoT devices, and serverless environments. This paper presents a structured survey of eight cryptojacking attack types, analyzing each by attack vector, persistence mechanism, and detection difficulty. By synthesizing prior research, we show how the threat has shifted toward infrastructure-focused abuse and identify recurring detection gaps, including weak model transfer across environments, encrypted mining traffic, and limited visibility in serverless systems.