What Is Cryptojacking and How Does It Work?

According to the European Union Agency for Cybersecurity (ENISA), cryptojacking is the third top cyberthreat. ENISA also noted that cryptojacking reached a record high in the first quarter of 2021. Cryptojacking is used by hackers to essentially create free money. This method takes over devices via malware and uses the devices’ computing power to mine cryptocurrency.

It can be difficult to spot cryptojacking because the malicious code is designed to work in the background and not be visible. However, there are some telltale signs. Keep reading to learn more about how cryptojacking works and how to prevent it from infecting your devices.

What is cryptomining?

Cryptomining is a broad term for mining cryptocurrencies like bitcoin, monero, or ethereum. Cryptomining is the process to generate new cryptocurrency and validate cryptocurrency transactions.

Because cryptocurrency is completely digital, miners are needed to verify and secure blockchains. Miners work to open a new block on certain blockchains. When a miner figures out the answer to a cryptographic puzzle (known as the hash), they receive payment.

It's an incredibly difficult task, as cryptocurrency mining often involves large amounts of computer power, mining software, and mining hardware. This can easily cost several thousand dollars.

Cryptomining in itself is legal, but cryptojacking is illegal. Cryptojacking is when miners use other devices’ processing power to mine crypto. Stealing the power of another device without the owner’s permission and then using it to generate currency is becoming more and more popular.

Interpol lists the impacts of cryptojacking as primarily performance-related, but it can also affect the victim's electricity costs.

How does cryptojacking work?

Cryptojacking can target desktops, laptops, mobile devices, network servers, or any internet-connected device. Once a cybercriminal gains access to these devices, it runs a program to steal the computing power.

Cybercriminals usually gain access to a person's device or server through malware. It gets deployed in a variety of ways, such as a person using an infected website, downloading content, or clicking on a link in a phishing email.

These actions can trigger a cryptomining code getting loaded onto your device. This lets a mining script run in the background that can control your device. The script is designed to steal some or all of your device's computing resources and turn them into digital currency.

Cryptomining malware is more interested in stealing power than taking data or damaging devices. As with other types of malware, cryptojacking will run as long as possible before being detected.

Types of cryptojacking attacks

There are different types of malicious cryptomining that each target a different access point. Let's review the three tactics cybercriminals use to infect your device with cryptomining code.

Browser-based cryptojacking

Also known as drive-by cryptojacking, this involves a user visiting an infected website that will then add cryptomining code to the user's browser. Cybercriminals can place malware in ads, compromise an existing website, or create a website with cryptomining JavaScript code.

Host-based cryptojacking

Host-based cryptojacking focuses on social engineering tactics to succeed. A popular example is phishing emails. Cybercriminals will use social engineering to trick victims into trusting the email. It's common for attackers to pose as a trusted source, such as your boss. Then they will insert a malicious link in the email. Once opened, cryptomining scripts infect your device.

Some other methods that fall under host-based cryptojacking include malicious apps, open source code, or public application programming interface (API).

Cloud-based cryptojacking

Cloud-based cryptojacking is the most difficult to implement out of the three types, but it can provide the biggest payoff. If cybercriminals can access a cloud network, they can infect multiple devices including servers, infrastructures, and software supply chains. It's the biggest threat to the cloud since 86% of compromised Google Cloud instances were used for cryptomining. Cybercriminals will look for vulnerabilities or API keys to access the cloud service.

How to detect cryptojacking

Detecting cryptojacking is difficult because it is designed to work in the background and be completely invisible to the device's owner. But the symptoms will show up eventually. Here are some red flags that may indicate your device is being used for cryptomining:

• Poor device performance: What you might notice first is your device not performing at the same level as before or it may have a shorter lifespan. It may suddenly be very slow or your device may even shut down due to the lack of processing power. Cryptojacking can also affect your router. You may want to evaluate if your router has decreased productivity.
• Overheating: There are a lot of reasons why a device can overheat. But if you did everything possible to keep it cool, there could be something wrong with your device. You may want to check for cryptojacking if your batteries constantly overheat.
• High electricity costs: As with overheating, there could be many reasons why you suddenly had an unexpected increase in electricity costs. Cryptojacking uses a significant amount of energy to operate.
• Central processing unit (CPU) usage spikes: Possibly the most noticeable indication of cryptojacking is high CPU usage. Depending on your device, you may be able to check the CPU use from the task manager or activity monitor. If you have a low processing speed or high power usage, these may be signs of a cryptojacking attack.

If you suspect your device is being used for cryptojacking, then there are some actions you can take to remove it. First, you'll need to confirm your device has cryptomining code. You can use antivirus software to do a scan on your device.

Once the malware has been identified, you can start the process to delete it. Your antivirus software may be able to do this for you. You could also find the best malware removal to get rid of the unauthorized cryptomining code.

If this doesn't work, you might want to look into resetting your computer and reformatting the hard drives. However, this could potentially delete data.

How to protect yourself from cryptojacking attacks

It's much easier to prevent a cyberattack than to try to remove it. Here are some security measures you can implement to protect yourself from cryptojacking and other cybercrimes:

• Use a virtual private network (VPN). A VPN encrypts your Wi-Fi connection and hides your identity, making it more difficult for cybercriminals to target you online. Check out our guide to the best crypto VPNs for a list of apps designed to work with crypto exchanges — and accept crypto as payment.
• Monitor resources. Continuously check the processing speed and power usage of your devices. This can help you detect anomalies sooner rather than waiting for your laptop to get painfully slow to realize there is a problem.
• Install browser extensions designed to block cryptojacking. Because cryptojacking often targets your browser as an access point to your device, you may benefit from installing browser extensions to block cryptojacking efforts. Some options include Anti Miner and minerBlock. Always proceed with caution when downloading anything and ensure you selected an authentic and valid browser extension.
• Use ad blockers. Privacy-focused ad blockers are also useful in blocking the coin-mining process. Many cryptojacking efforts focus on exploiting ads placed on legitimate websites, so an ad blocker can stop these efforts.
• Keep software and operating systems updated. There are always new threats being developed, and software and operating systems frequently put out new updates to keep up with the threats. If you don't update, then you risk not catching malicious actors who can evade your security systems.
• Block malicious websites. Some webpages are known for delivering cryptojacking scripts. Your web browser may have a feature that will warn you if a page you're visiting could potentially contain malware. For example, Google Chrome has phishing and malware detection enabled by default. It will warn you if it has detected any suspicious activity on a website you're trying to visit. It may be good practice to heed these warnings.
• Perform regular antivirus scans. You'll want to use the best antivirus software to ensure your device is kept free from malicious software. You may benefit from frequently scanning your devices to ensure there is no malware or viruses.
• Educate yourself on scams. Staying updated on the latest cybersecurity threats is crucial to ensuring you can spot a scam. For example, phishing emails are often prone to grammatical errors, a sense of urgency, or misspelled email addresses. Taking your time to evaluate an email's authenticity can stop you from accidentally downloading malware.
• Consider disabling JavaScript. If you disable JavaScript, it can stop cryptojacking code from infecting your browser and device. However, it also stops websites from fully loading, which can impact your browsing experience.

Cryptojacking FAQs

Bottom line

Cryptojacking is elusive and many people may not notice their device is running malicious code. Poor device performance is usually the most noticeable sign that something is wrong with your device. This can include operating slowly or randomly shutting off. When combined with other red flags such as overheating or a large electricity bill, you may want to run antivirus software to find and remove the cryptojacking malware.

Prevention is always better than trying to remedy issues. Staying alert and proactively protecting your data and devices can go a long way in stopping cybercrime. To learn more, read our detailed guide on how to stay safe online.

Online Protection With VPN Access and Identity Monitoring

5.0

AllAboutCookies writers and editors score products based on a number of objective features as well as our expert editorial assessment. Our partners do not influence how we rate products.

Editorial Rating

Learn More

On McAfee's website

All-In-One

McAfee

Save $90 on a 2-year plan

• Inclusive antivirus, scam, and web protection with the added privacy of a VPN, identity monitoring, and secure password manager
• Get a real-time Protection Score that measures your online safety and offers guidance to improve security
• Added peace of mind with 24/7 expert online support and McAfee’s Virus Protection Pledge
• Multiple pop-ups for text notifications can be annoying

Author Details

Sara J. Nguyen

About the Author

Sara J. Nguyen is a freelance writer specializing in cybersecurity. She aims to help people protect their data while enjoying technology. She has written about online privacy and tech for over 5 years for several organizations. When she's not writing about the latest cybersecurity trends, you can find her on LinkedIn.