Key takeaways

  • Cryptojacking is when cybercriminals secretly use your device’s processing power to mine cryptocurrencies like Monero, causing it to slow down and overheat while they profit.
  • Cryptojacking can happen through malware, often downloaded via phishing emails, or by visiting websites with malicious scripts that mine cryptocurrency without your knowledge.
  • The most common forms include browser-based cryptojacking, file-based attacks, IoT cryptojacking and cloud cryptojacking.
  • Use reliable antivirus software, monitor device performance, keep software up to date and use specialized browser extensions to defend against cryptojacking malware.

The cryptocurrency space has opened up exciting new possibilities, but it has also given rise to hidden dangers, one of which is cryptojacking. 

Imagine your device begins to slow down unexpectedly, its battery depletes faster than usual or its fan runs nonstop. At first glance, you might not give it much thought, but behind the scenes there might be a darker force at play — cryptojacking. 

This cyberattack uses your hardware, including your processor, to mine cryptocurrency for hackers. Unlike more obvious malware, cryptojacking works quietly and often goes unnoticed while it harms your computer, phone or tablet.

So, how does it work, and more importantly, how can you protect yourself? Let’s dive in.

Cryptojacking explained

Cryptojacking is when fraudsters use your device to quietly mine cryptocurrencies, such as Bitcoin (BTC) or Monero (XMR), without your consent.

Rather than going for your financial accounts or personal information, they hijack your computing power and make your device work harder than usual. While your device slows down, overheats and may eventually sustain damage from overuse, the hacker makes money from mining.

The most alarming part? Cryptojacking can happen to anyone and almost any device — from smartphones to laptops and even cloud services.

Did you know? According to Check Point’s 2023 Cyber Security Report, XMRig ranked as the 10th most common malware globally in 2021, responsible for 43% of crypto mining attacks.

How does cryptojacking work

Cryptojacking spreads through malware or malicious scripts embedded in websites, via three main methods:

  • Malware-based cryptojacking: In this type of attack, crypto mining malware is installed on your device via phishing emails with malicious links or by tricking users into downloading fake software updates. Once the malware is installed, it runs in the background, hijacking your system’s resources.
  • Infected websites: Malicious JavaScript code is inserted into websites by hackers, and when you visit an infected page, the script begins mining cryptocurrency using your device’s processing power. Unlike traditional malware, you might never know it’s happening as no files are downloaded onto your system.
  • Trojan horses: Trojans are a type of malware disguised as legitimate software that sneaks onto your device, and once there, they can install crypto mining software that operates quietly in the background. You think you’ve downloaded something helpful, but it’s working against you, draining your device’s power for the attacker’s profit.

The objective is the same in all three cases: using your device to solve challenging mathematical puzzles that validate cryptocurrency transactions. The attacker receives cryptocurrency in exchange, while your device bears the cost.

Types of cryptojacking attacks

Cryptojacking attacks come in various forms, and as this type of attack evolves, new methods emerge. Here are the most common types:

  • IoT cryptojacking: Internet of Things (IoT) devices, such as smart home gadgets, often lack robust security measures, which makes them targets for cryptojackers to exploit and use for mining.
  • File-based cryptojacking: This type of attack occurs when cryptojacking malware is installed and run on your device. Phishing emails or spoofed software upgrades are frequently used to carry out these attacks. The software keeps mining cryptocurrency even after the infected website is shut down.
  • Browser-based cryptojacking: This happens when you visit a hacked website that runs a cryptocurrency mining script. The script executes while you are on the page and terminates when you leave it. These attacks are frequently linked to legitimate websites inadvertently carrying harmful code or advertisements.
  • Cloud cryptojacking: As cloud services become more prevalent, hackers target cloud-based systems to install crypto mining software. They exploit vulnerabilities or weak security in cloud configurations, allowing them to hijack cloud resources for crypto mining.

Did you know? It’s impossible to mine BTC via phone because Bitcoin mining requires immense computational power beyond what a smartphone can handle. Mining Bitcoin relies on specialized hardware (ASICs) to solve complex algorithms, something a phone’s processor can’t achieve.

Examples of cryptojacking malware incidents

Service providers have been key players in developing and selling cryptojacking programs. For example, in 2017, Coinhive became the first service provider to offer a ready-to-use in-browser mining script, which was initially aimed at giving website and content owners a secondary source of income. 

However, it quickly gained popularity among attackers who saw an opportunity to exploit it. While Coinhive was active, cybercriminals held a significant portion of the total XMR hash rate. As a result, Coinhive was shut down in March 2019 amid a sharp decline in XMR’s price and the company’s reduced profitability.

Another interesting cryptojacking incident occurred in 2018 when cryptojacking code was discovered on the Homicide Report page of the Los Angeles Times. This code was used to mine Monero on visitors’ devices without their consent. 

A further example occurred in July and August of 2018, when over 200,000 MikroTik routers in Brazil were compromised by a cryptojacking attack that injected Coinhive code into a significant amount of web traffic.

In addition, many mining pools offer plug-and-play mining solutions, which attackers can modify for cryptojacking. XMRig, the open-source, high-performance Monero miner, is one example. Its signature has been found in several cryptojacking attacks affecting millions of devices worldwide. 

Did you know? Coinhive responded to concerns about cryptojacking by introducing Authedmine, a service that requires users’ consent before mining in their browsers. Still, the service did not gain the same attention as Coinhive’s original, more controversial platform.

How to detect cryptojacking on your device

Because it often doesn’t leave obvious signs, detecting cryptojacking can be tricky. However, there are a few red flags that can help you recognize it:

  • Overheating devices: Cryptojacking forces your device to work harder than usual, which can cause it to overheat. If your computer’s fan is running excessively, cryptojacking might be the cause.
  • Increased battery drain: Cryptojacking can cause your device’s battery to deplete faster than usual because mining cryptocurrency is resource-intensive.
  • Performance drops: Does your computer crash or freeze more often? Is it running slower than usual? These could be signs of cryptojacking, as mining requires substantial computing power.
  • Unexplained increase in CPU usage: If your device’s CPU usage spikes for no apparent reason and you’re not using demanding applications, it could indicate cryptojacking malware.
  • Unexpected high data usage: Some cryptojacking attacks consume more data as your device communicates with mining servers.
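
The "unexplained increase in CPU usage" check above can be automated by comparing several process snapshots instead of a single reading. The following Python code is an added example, not part of the original article; the snapshots (laid out like `ps -eo pid,pcpu,args` output), the paths, the pool address and the 80% threshold are constructed for illustration.

```python
import re

THRESHOLD = 80.0  # percent of one core; an assumed cut-off, tune per machine
MINER_HINTS = re.compile(r"xmrig|stratum\+(?:tcp|ssl)://", re.IGNORECASE)

# Constructed sample data: three process snapshots taken one minute apart.
SNAPSHOTS = [
    """PID %CPU COMMAND
 812  2.1 /usr/lib/firefox/firefox
1433 97.8 /tmp/update-helper -o stratum+tcp://pool.example.invalid:3333
2050 88.0 /usr/bin/ffmpeg -i talk.mkv talk.mp4
3001 24.0 /home/user/Downloads/xmrig -t 1""",
    """PID %CPU COMMAND
 812 41.5 /usr/lib/firefox/firefox
1433 98.2 /tmp/update-helper -o stratum+tcp://pool.example.invalid:3333
2050 91.3 /usr/bin/ffmpeg -i talk.mkv talk.mp4
3001 25.1 /home/user/Downloads/xmrig -t 1""",
    """PID %CPU COMMAND
 812  3.0 /usr/lib/firefox/firefox
1433 97.9 /tmp/update-helper -o stratum+tcp://pool.example.invalid:3333
3001 24.7 /home/user/Downloads/xmrig -t 1""",
]

def parse_snapshot(text):
    """Return {pid: (cpu_percent, command_line)} for one snapshot."""
    procs = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        pid, cpu, args = line.split(None, 2)
        procs[int(pid)] = (float(cpu), args)
    return procs

def find_suspects(snapshots, threshold=THRESHOLD):
    """Map pid -> reasons; 'sustained-cpu' needs every snapshot above threshold."""
    parsed = [parse_snapshot(s) for s in snapshots]
    findings = {}
    for pid, (_, args) in parsed[-1].items():  # only processes still running
        reasons = []
        if all(pid in snap and snap[pid][0] >= threshold for snap in parsed):
            reasons.append("sustained-cpu")
        if MINER_HINTS.search(args):
            reasons.append("miner-indicator")
        if reasons:
            findings[pid] = reasons
    return findings

if __name__ == "__main__":
    print(find_suspects(SNAPSHOTS))
```

The short-lived video encode (PID 2050) is not flagged because it is gone by the last snapshot, while the throttled miner (PID 3001) is caught only by its command line, so both signals are needed. On Linux, `ps` reports CPU averaged over a process's lifetime, so use `top` or a similar tool for instantaneous readings.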

How to protect against cryptojacking

To protect against cryptojacking, you need to follow a multi-layered approach focusing on awareness, security practices and specialized tools. Some common ways to defend yourself against cryptojacking attacks include:

  • Install reliable antivirus software: A strong antivirus program can detect and block cryptojacking malware before it infects your device. Regularly update your antivirus software to ensure it recognizes the latest threats.
  • Avoid suspicious links and emails: Be cautious of phishing emails or any suspicious-looking links. Never download attachments or software from unknown sources.
  • Regularly update software: Hackers exploit vulnerabilities in outdated software to install crypto mining malware, so always use the latest versions of your operating system, browser and applications.
  • Monitor your device’s performance: Keep an eye on your device’s CPU usage and temperature. Any unexplained spikes could be a sign of cryptojacking.
  • Use a browser extension: Some browser extensions, like No Coin and MinerBlock, are specifically designed to block crypto mining scripts. Installing one of these can prevent drive-by cryptojacking attacks from running while browsing.
  • Disable JavaScript: While this may limit some website functionality, disabling JavaScript can block cryptojacking scripts from running in your browser.
  • Strengthen cloud security: If you’re using cloud services, ensure strong security configurations are in place. Use multifactor authentication (MFA), limit access to cloud accounts and monitor cloud usage for unusual spikes.
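
Blocking mining scripts in the browser, as described in the list above, usually comes down to matching each script's host against a list of known mining domains. The following Python code is an added example, not part of the original article and not the code of No Coin or MinerBlock; the blocklist, the page URL and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed two-entry blocklist; real blockers ship much longer lists.
BLOCKED_HOSTS = {"coinhive.com", "miner.example.invalid"}

PAGE_URL = "https://news.example.invalid/report"  # hypothetical page
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script src="//cdn.miner.example.invalid/m.js"></script>
<script src="https://notcoinhive.com/widget.js"></script>
</head><body>...</body></html>"""

def host_is_blocked(host, blocked=BLOCKED_HOSTS):
    """True if host is a blocked domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked)

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def blocked_scripts(html, page_url):
    """Return absolute URLs of scripts whose host is on the blocklist."""
    collector = ScriptCollector()
    collector.feed(html)
    hits = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        if host_is_blocked(urlparse(absolute).hostname):
            hits.append(absolute)
    return hits

if __name__ == "__main__":
    print(blocked_scripts(SAMPLE_PAGE, PAGE_URL))
```

Matching on a leading dot keeps the lookalike host `notcoinhive.com` from being treated as a subdomain of `coinhive.com`. A host blocklist only recognizes domains it already knows, which is why monitoring CPU usage remains part of the defense.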

Did you know? Phishing-resistant MFA is a method that uses hardware security keys or FIDO2-based authenticators to block unauthorized access. By requiring a physical device, it makes it harder for attackers to plant crypto mining malware, protecting you from cryptojacking.

Although cryptojacking may appear to be a harmless theft of processing power, it can have long-term implications, such as a reduction in the device’s lifespan, higher electricity costs and a significant decline in productivity. However, you can protect yourself from cryptojacking by remaining alert and adhering to recommended cybersecurity procedures.