What is Cryptojacking and how does it work? (2024)

Cryptojacking meaning & definition

Cryptojacking is a type of cybercrime that involves the unauthorized use of people's devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency. Like many forms of cybercrime, the motive is profit, but unlike other threats, it is designed to stay completely hidden from the victim.

What is cryptojacking?

Cryptojacking is a threat that embeds itself within a computer or mobile device and then uses its resources to mine cryptocurrency. Cryptocurrency is digital or virtual money, which takes the form of tokens or "coins." The most well-known is Bitcoin, but there are approximately 3,000 other forms of cryptocurrency and while some cryptocurrencies have ventured into the physical world through credit cards or other projects — most remain virtual.

Cryptocurrencies use a distributed database, known as 'blockchain' to operate. The blockchain is regularly updated with information about all the transactions that took place since the last update. Each set of recent transactions is combined into a 'block' using a complex mathematical process.

To produce new blocks, cryptocurrencies rely on individuals to provide the computing power. Cryptocurrencies reward people who supply the computing power with cryptocurrency. Those who trade computing resources for currency are called "miners".

The larger cryptocurrencies use teams of miners running dedicated computer rigs to complete the necessary mathematical calculations. This activity requires a significant amount of electricity – for example, the Bitcoin network currently uses more than 73TWh of energy per year.

Cryptojackers and the future of cryptojacking

That is where cryptojacking comes in: cryptojackers are people who want the benefits of cryptocurrency mining without incurring the huge costs. By not paying for expensive mining hardware or large electricity bills, cryptojacking allows hackers to mine for cryptocurrency without the large overheads. The type of cryptocurrency primarily mined on personal computers is Monero, which appeals to cybercriminals because it is difficult to trace.

There is some debate as to whether cryptojacking is in decline or on the rise. Cryptojacking tends to rise in proportion to the value of cryptocurrencies, particularly Bitcoin and Monero. But in recent years, two factors have had a dampening effect on cryptojacking:

  • Crackdowns by law enforcement.
  • The shutdown of Coinhive, which was the leading site which dealt with cryptominers. Coinhive provided JavaScript code that websites could incorporate to make visitors' computers mine Monero. Coinhive's code was quickly abused: a mining script could also be injected into a website by hackers without the site owner's knowledge. The site shut down in March 2019, and with it, the number of site infections went sharply down.

The motivation behind a cryptojacking attack is simple: money. Mining cryptocurrencies can be very lucrative, but making a profit is challenging without the means to cover large costs. Cryptojacking is the criminal manifestation of cryptomining and offers an illegitimate yet effective and inexpensive way to mine valuable coins.

How does cryptojacking work?

Cybercriminals hack into devices to install cryptojacking software. The software works in the background, mining for cryptocurrencies or stealing from cryptocurrency wallets. The unsuspecting victims use their devices typically, though they may notice slower performance or lags.

Hackers have two primary ways to get a victim's device to secretly mine cryptocurrencies:

  • By getting the victim to click on a malicious link in an email that loads cryptomining code on the computer
  • By infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim's browser

Hackers often use both methods to maximize their return. In both cases, the code places the cryptojacking script onto the device, which runs in the background as the victim works. Whichever method is used, the script runs complex mathematical problems on the victims' devices and sends the results to a server which the hacker controls.

Unlike other types of malware, cryptojacking scripts do not damage computers or victims' data. However, they do steal computer processing resources. For individual users, slower computer performance might simply be an annoyance. But cryptojacking is an issue for business because organizations with many cryptojacked systems incur real costs. For example:

  • The use of help desk and IT time spent tracking down performance issues and replacing components or systems in the hope of solving the problem.
  • Increased electricity costs.

Some cryptomining scripts have worming capabilities that allow them to infect other devices and servers on a network. This makes them harder to identify and remove. These scripts may also check to see if the device is already infected by competing cryptomining malware. If another cryptominer is detected, the script disables it.

In early instances of cryptomining, some web publishers sought to monetize their traffic by asking visitors' permission to mine for cryptocurrencies while on their site. They positioned it as a fair exchange: visitors would receive free content while the sites would use their computer for mining. For example, on gaming sites, users might stay on the page for some time while the JavaScript code mines for coin. Then when they leave the site, the cryptomining would end. This approach can work if sites are transparent about what they are doing. The difficulty for users is knowing whether sites are being honest or not.

Malicious versions of cryptomining – i.e. cryptojacking – don't ask for permission and keep running long after you leave the initial site. This is a technique used by owners of dubious sites or hackers who have compromised legitimate sites. Users have no idea that a site they visited has been using their computer to mine cryptocurrency. The code uses just enough system resources to remain unnoticed. Although the user thinks the visible browser windows are closed, a hidden one stays open. Often it can be apop-under,which is sized to fit beneath the taskbar or behind the clock.

Cryptojacking can even infect Android mobile devices, using the same methods that target desktops. Some attacks occur through a Trojan hidden in a downloaded app. Or users' phones can be redirected to an infected site, which leaves a persistent pop-under. While individual phones have relatively limited processing power, when attacks occur in large numbers, they provide enough collective strength to justify the cryptojackers' efforts.

What is Cryptojacking and how does it work? (2)

Cryptojacking attack – examples

High profile examples of cryptojacking include:

  • In 2019,eight separate apps that secretly mined cryptocurrencywith the resources of whoever downloaded them were ejected from the Microsoft Store. The apps supposedly came from three different developers, although it was suspected that the same individual or organization was behind them all. Potential targets could encounter the cryptojacking apps through keyword searches within the Microsoft Store, and on lists of the top free apps. When a user downloaded and launched one of the apps, they would inadvertently download cryptojacking JavaScript code.The miner would activate and start looking for Monero, using up a significant amount of the device's resources and therefore slowing it down.
  • In 2018, cryptojacking code was discovered concealed within the Los Angeles Times' Homicide Report page. When visitors went to the Homicide Report page, their devices were used to mine a popular cryptocurrency called Monero. The threat was not detected for a while because the amount of computing power the script used was minimal, so many users would not be able to detect that their devices had been compromised.
  • In 2018, cryptojackers targeted the operational technology network of a European water utility control system, seriously impacting the operators' ability to manage the utility plant. This was the first known instance of a cryptojacking attack against an industrial control system. Similar to the Los Angeles Times hack, the miner was generating Monero.
  • In early 2018, the CoinHive miner was found to be running on YouTube Ads through Google's DoubleClick platform.
  • During July and August 2018, a cryptojacking attack infected over 200,000 MikroTik routers in Brazil, injecting CoinHive code in a massive amount of web traffic.

How to detect cryptojacking

Cryptojacking detection can be difficult because the process is often hidden or made to look like a benevolent activity on your device. However, here are three signs to watch out for:

Cryptojacking detection – 3 things to look out for

  1. Decreased performance
    One of the key symptoms of cryptojacking is decreased performance on your computing devices. Slower systems can be the first sign to watch out for, so be alert to your device running slowly, crashing, or exhibiting unusually poor performance. Your battery draining more quickly than usual is another potential indicator.
  2. Overheating Cryptojacking is a resource-intensive process that can cause computing devices to overheat. This can lead to computer damage or shorten their lifespan. If your laptop or computer's fan is running faster than usual, this could indicate that a cryptojacking script or website is causing the device to heat up, and your fan is running to prevent melting or fire.
  3. Central Processing Unit (CPU) usage:
    If you see an increase in CPU usage when you are on a website with little or no media content, it could be a sign that cryptojacking scripts might be running. A good cryptojacking test is to check the central processing unit (CPU) usage of your device using the Activity Monitor or Task Manager. However, bear in mind that processes might be hiding themselves or masking as something legitimate to hinder you from stopping the abuse. Also, when your computer is running at maximum capacity, it will run very slowly, and therefore can be harder to troubleshoot.

How to protect yourself against cryptojacking

Use a good cybersecurity program:

A comprehensive cybersecurity program such as Kaspersky Total Security will help to detect threats across the board and can provide cryptojacking malware protection. As with all other malware precautions, it is much better to install security before you become a victim. It is also good practice to install the latest software updates and patches for your operating system and all applications — especially those concerning web browsers.

Be alert to the latest cryptojacking trends:

Cybercriminals are constantly modifying code and coming up with new delivery methods to embed updated scripts onto your computer system. Being proactive and staying on top of the latest cybersecurity threats can help you detect cryptojacking on your network and devices and avoid other types of cybersecurity threats.

Use browser extensions designed to block cryptojacking:

Cryptojacking scripts are often deployed in web browsers. You can use specialized browser extensions to block cryptojackers across the web, such as minerBlock, No Coin, and Anti Miner. They install as extensions in some popular browsers.

Use ad blockers:

Since cryptojacking scripts are often delivered through online ads, installing an ad blocker can be an effective means of stopping them. Using an ad blocker like Ad Blocker Plus can both detect and block malicious cryptojacking code.

Disable JavaScript:

When browsing online, disabling JavaScript can prevent cryptojacking code from infecting your computer. However, although that interrupts the drive-by cryptojacking, this could also block you from using functions that you need.

Block pages known to deliver cryptojacking scripts:

To prevent cryptojacking while visiting websites, make sure each site you visit is on a carefully vetted whitelist. You can also blacklist sites known for cryptojacking, but this may still leave your device or network exposed to new cryptojacking pages.

Cryptojacking might seem like a relatively harmless crime since the only thing 'stolen' is the power of the victim's computer. But the use of computing power for this criminal purpose is done without the knowledge or consent of the victim, for the benefit of criminals who are illicitly creating currency. We recommend following good cybersecurity practices to minimize the risks and to install trusted cybersecurity or internet security onto all of your devices.

Kaspersky Internet Security received two AV-TEST awards for the best performance & protection for an internet security product in 2021. In all tests Kaspersky Internet Security showed outstanding performance and protection against cyberthreats.

Related Articles:

  • What is Bitcoin?
  • What is Cryptocurrency?
  • 4 Common Cryptocurrency Scams
  • Are e-transfers safe?
  • How to protect your business from the increasing risks of cryptojacking

As a seasoned cybersecurity expert with an in-depth understanding of the evolving landscape of cyber threats, I bring a wealth of knowledge and experience to shed light on the topic of cryptojacking. My expertise stems from years of hands-on involvement in researching and combating various cybercrimes, including cryptojacking incidents. Allow me to delve into the key concepts presented in the provided article.

Cryptojacking Meaning & Definition: Cryptojacking is a form of cybercrime where unauthorized individuals exploit the computing resources of devices such as computers, smartphones, tablets, and servers to mine cryptocurrencies. The motive behind cryptojacking is financial gain, and it is distinct from other threats due to its stealthy nature, remaining hidden from the victim.

Cryptocurrency Basics: Cryptocurrencies are digital or virtual forms of money represented as tokens or coins. While Bitcoin is the most well-known, there are approximately 3,000 other cryptocurrencies. These currencies operate on a distributed database known as the 'blockchain,' a regularly updated ledger containing information about all transactions. Miners, individuals who provide computing power, play a crucial role in producing new blocks on the blockchain and are rewarded with cryptocurrency.

Cryptojacking Mechanism: Cryptojacking involves the installation of malicious software on devices, which then secretly mines cryptocurrencies or steals from cryptocurrency wallets. The attack often goes unnoticed by victims, who may only experience slower device performance. Cybercriminals employ various methods, such as enticing users to click on malicious links in emails or infecting websites with auto-executing JavaScript code.

Motivations and Impact: The primary motivation behind cryptojacking attacks is financial gain. By avoiding the costs associated with legitimate cryptocurrency mining, attackers can mine for valuable coins without incurring large overheads. While cryptojacking itself doesn't cause direct harm to computers or data, it steals processing resources, leading to slower performance. Organizations may face increased costs in terms of IT time, electricity, and potential infections spreading across networks.

Trends and Countermeasures: The prevalence of cryptojacking tends to correlate with the value of cryptocurrencies, notably Bitcoin and Monero. Law enforcement crackdowns and the closure of prominent platforms like Coinhive have contributed to a potential decline in cryptojacking incidents. However, vigilance is crucial, and users can employ various strategies to protect against cryptojacking, including using cybersecurity programs, staying informed about emerging threats, and utilizing browser extensions and ad blockers designed to thwart cryptojacking scripts.

High-Profile Cryptojacking Examples: Several notable instances of cryptojacking include the discovery of cryptojacking apps in the Microsoft Store, hidden cryptojacking code on the Los Angeles Times' website, and attacks on the operational technology network of a European water utility control system. These incidents underscore the adaptability of cryptojackers in targeting diverse platforms for financial gains.

Detecting and Preventing Cryptojacking: Detecting cryptojacking can be challenging, but signs include decreased device performance, overheating, and increased CPU usage. Users can protect themselves by using comprehensive cybersecurity programs, staying informed about emerging threats, employing browser extensions and ad blockers, disabling JavaScript selectively, and being cautious about the websites they visit.

In conclusion, cryptojacking represents a persistent and evolving threat in the realm of cybercrime, exploiting the growing popularity of cryptocurrencies. Staying informed, adopting best cybersecurity practices, and utilizing effective countermeasures are essential in mitigating the risks associated with cryptojacking attacks.

What is Cryptojacking and how does it work? (2024)


What is Cryptojacking and how does it work? ›

How does cryptojacking work? Cybercriminals hack into devices to install cryptojacking software. The software works in the background, mining for cryptocurrencies or stealing from cryptocurrency wallets. The unsuspecting victims use their devices typically, though they may notice slower performance or lags.

What is cryptojacking and how does it work? ›

Cryptojacking is a type of cybercrime that involves the unauthorized use of people's devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency.

How do you know if you have been cryptojacked? ›

Here are three signs to look out for that can help you determine if you've been cryptojacked:
  • Reduced performance. Since unauthorized cryptomining is an intensive process, it causes additional strain on the system, resulting in random instances of slowdown and reduced performance. ...
  • Overheating. ...
  • CPU and GPU usage spikes.
May 30, 2024

What is crypto mining easily explained? ›

Mining is conducted by miners using hardware and software to generate a cryptographic number that is equal to or less than a number set by the Bitcoin network's difficulty algorithm. The first miner to find the solution to the problem receives bitcoins as a reward, and the process begins again.

What are the problems with cryptojacking? ›

Decreased performance – cryptojacking causes decreased performance on computing devices. You should watch out for slower system performance, as well as devices that run slowly, crash, or exhibit unusually poor performance. Another indicator is a battery that drains more quickly than it usually would.

Is crypto jacking illegal? ›

How does it work? Cryptojacking is a type of cybercrime where a criminal secretly uses a victim's computing power to generate cryptocurrency.

How do crypto miners get money? ›

High-powered computers compete to be the first to validate a series of transactions called a block, and add the block to the blockchain. Miners are paid transaction fees and 6.25 BTC per block for their efforts (if they solve the block correctly).

How do I know if someone is mining crypto on my computer? ›

Bitcoin Miner Virus is a general name for malware that steals a computer's resources to generate cryptocurrency. This dangerous crypto mining malware mostly infects through downloads and browser-based attacks. Slow performance, lagging, and overheating are warning signs of mining malware infection.

Where does my mined crypto go? ›

The mined bitcoins go to the miner that found the block. Miners maintain the bitcoin network, for doing so they are rewarded 12.5 bitcoins for each block that is found. This reward incentives the miners to continue their efforts.

How do I know if my card is used for mining? ›

Visual Signs: Physical wear and tear: Look for excessive dust accumulation or discoloration around the fans and heat sinks. These can indicate prolonged operation under high temperatures, common during crypto-mining.

Does crypto mining really pay? ›

Does Bitcoin Mining Actually Pay? Bitcoin mining does pay, although amounts are smaller than you might hope because you have to join large mining pools to even have a chance to earn.

Can you mine bitcoin on your phone? ›

Does Bitcoin Mining Work on a Smartphone? Yes, it is possible to mine Bitcoin on a smartphone, whether you have an Android device or an iPhone. Since phones are essentially computers, they can be set to the task of computing hashes. A hash is a one-way transformation of data.

What actually happens when you mine crypto? ›

When computers on the network verify and process transactions, new bitcoins are created, or mined. These networked computers, or miners, process the transaction in exchange for a payment in Bitcoin. Bitcoin is powered by blockchain, which is the technology that powers many cryptocurrencies.

What is a real life example of cryptojacking? ›

For example, the Romanian hacker group Outlaw compromises Linux servers and Internet of Things (IoT) devices by using default or stolen credentials and exploiting known vulnerabilities to launch DDoS attacks or mine Monero currency.

Why is crypto mining so bad now? ›

Cryptocurrencies are harder to mine now due to increased competition and the design of many blockchain networks. As more miners join the network, the difficulty level adjusts to ensure that blocks are mined at a consistent rate. This adjustment makes it progressively challenging to mine new blocks.

What is the goal of cryptojacking? ›

Cryptojacking, which is also referred to as malicious cryptomining, lets hackers mine cryptocurrency without paying for electricity, hardware and other mining resources. Cryptojacking malware often infects devices through standard phishing techniques.

How to know if someone is mining crypto? ›

Unknown Processes in Task Manager

If you can't recognize some processes running in the Windows Task Manager and they consume a large percentage of system resources, you might want to check online to see if they are not crypto miners disguised as regular apps.

How do I know if my computer is being used to mine Bitcoin? ›

This leads to possible overheating, and the increased CPU temperature is a good indicator. The infected PC works slower and louder because Bitcoin miner viruses drain computer performance. If you witness the same behavior on your computer, check its CPU temperature.

What crypto token is mostly used by cyber criminals? ›

The most popular cryptocurrencies used by cybercriminals are Bitcoin, Monero, and Ethereum.

Top Articles
Latest Posts
Article information

Author: Kareem Mueller DO

Last Updated:

Views: 5431

Rating: 4.6 / 5 (46 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Kareem Mueller DO

Birthday: 1997-01-04

Address: Apt. 156 12935 Runolfsdottir Mission, Greenfort, MN 74384-6749

Phone: +16704982844747

Job: Corporate Administration Planner

Hobby: Mountain biking, Jewelry making, Stone skipping, Lacemaking, Knife making, Scrapbooking, Letterboxing

Introduction: My name is Kareem Mueller DO, I am a vivacious, super, thoughtful, excited, handsome, beautiful, combative person who loves writing and wants to share my knowledge and understanding with you.