We stand with Ukraine to help keep people safe. Join us

Tags Malware Threats Malware

An Overview of Cryptojacking & Useful Tips on How to Prevent Cryptojacking

Table of contents

Commonly referred to as “malicious cryptomining”, cryptojacking occurs when cybercriminals hijack personal computers with the intent of installing malicious software.  


Following the installation, they can use computers to remotely  “mine” digital money (cryptocurrencies) such as Bitcoin and others. The main challenge of cryptojacking is that it’s tough to detect by non-tech people. Apart from using the resources and power of personal/business computers to mine crypto, attackers can also steal cryptocurrency from people’s digital wallets.


Higher electricity bills, slow response times, computer overheating, or increased processor usage could be a sign of an attack. Read more and you’ll learn how to detect cryptojacking, as well as some tips and tricks on how to stay safe.

How & when did cryptojacking emerge?

Cryptojacking rose to fame in 2017 when the well-known cryptocurrency Bitcoin was booming. Around this period, Coinhive emerged too. This was a cryptojacking service made up of Javascript files. In simple terms, the promise of Coinhive was to give website owners an “opportunity” to make more money from their website visitors.  


Numerous website owners jumped in as they believed this form of crypto-mining was easier, had more resources, and was a much better alternative to paid ads. For the service to work, it required the approval of visitors and website owners. But soon enough, Coinhive began implementing malicious code. The purpose was to exploit the main vulnerabilities of the websites, draining resources without anyone knowing and mining cryptocurrency for them.


Even though Coinhive has been shut down, replicas and scripts of the software are still available, leaving numerous other websites exposed to potential cryptojacking.

Main types of cryptojacking

There are three core tactics to mine cryptocurrencies using cryptojacking: cryptomining script execution via malware, hijacking cloud services, and breaking IT infrastructures.


File-Based Cryptojacking

File-based cryptojacking uses malicious emails to access the infrastructure of a computer. Such emails contain executable files users click to download onto their device. To make the message believable, hackers may impersonate an official entity, such as a bank, asking a customer to download an attachment masked as an invoice or bank statement. Following the download, the scripts run in the background, quietly mining cryptocurrency without anyone knowing.


Browser-Based Cryptojacking

Browser-based cryptojacking happens within common browsers like Google Chrome, Mozilla, Safari, and others. With the help of programmable language, hackers create a cryptomining script. They embed this directly into the websites accessed from the corrupt browser, but also in outdated WordPress plugins and display ads.


Cloud Cryptojacking

Cloud services are more complex to hijack, but can still be targeted nonetheless. In general, attackers search through the code or files of an organization in the hope of finding the API keys to access the cloud service. Following this step, they can use CPU resources to mine cryptocurrency, leading to massive increases in electricity and computer power.

How exactly does cryptojacking work?

Is cryptojacking illegal and how does cryptojacking work? Yes, it is. Just like most pioneering inventions, blockchain technology is a moral paradox. On the one hand, it has revolutionized industries like finance and payments. On the other hand, it has been used numerous times to fuel completely illegal activities. As a consequence, the world associates blockchain with shady and useless cryptocurrencies. To many, it’s an illusion driven by hype and speculation.


Because cryptocurrencies require enormous energy to be “mined” (aka produced), cryptomining has morphed into cryptojacking, a serious cybersecurity issue people and companies must be aware of if they want to steer clear of unwanted data breaches. This is how cryptojacking works assuming you use the Google Chrome browser:

  • All of a sudden you get an email from your bank. The subject of the email is click-bait and usually sounds like this: “Your requested bank statement is ready to download. Click here!”
  • You open the email and download the attachment. Nothing happens, your attachment is nowhere to be found, and if you do find it on your computer, you can’t open it. If you are not tech-savvy, you’ll probably move on with your life and do nothing.
  • While you do nothing, the crypto-mining malware has been installed in the backend of your computer’s infrastructure via a so-called “script”.
  • The attackers will gain access to your device and use it to drain its power, or worse, access other mobile apps or messaging services you use.
  • The ill-intended miner will start running the code on your device by using its power to calculate “hashes”. This will mine for his very own cryptocurrency. Then, once he/she is done, the coins will be transferred into their digital wallets.


This example only illustrates what happens to Google Chrome browsers but this doesn’t mean that other browsers are immune to threats. And although it might seem like no harm has been done, the attackers can seriously damage your device by triggering overheating and skyrocketing your electricity bill. Detection matters more now than ever.Now you have some idea on cryptojacking and how it works, let us have a closer look at how to detect and protect your devices, and ultimately your identity from cryptojacking.

How to detect cryptojacking

Cryptojacking can be particularly harmful in a business environment. Office spaces have tens of computers, and the majority are high-end, fast, and capable of handling all kinds of business operations. And yet, detecting if your organization’s IT infrastructure has been compromised can be challenging. The best tactic is to be vigilant and mindful about such cyberattacks. It’s better to be safe than sorry. Here are some steps on how to check for cryptojacking:


Look for poor computer performance

A major symptom of cryptojacking could be a sudden decrease in your computer’s performance. If, for any reason, one or more employees complain about having really slow computers, it might be best to have them checked out. The same rule applies with personal devices.


Computer overheating

Even though overheating is not always the result of a cryptojack, it’s worth taking this into account. In time, overheating may shorten the life of your computer and even trigger complete damage. That being said, if you’re searching the web for a new fan to cool it off, you might as well read about cryptojacking malware and cybersecurity tools to help you stay safe too.


Sudden increase in CPU Usage

Spikes in CPU usage can easily be done from Task Manager or Activity Monitor. If you spot a sudden increase while browsing through a website (or more) that looks suspicious or has little content, it might be a sign of cryptomining scripts running without you knowing.


Website monitoring

Cyberattackers constantly seek vulnerable websites because they know it’s easier to embed malicious crypto mining code. To make sure it doesn’t happen to you, it pays to monitor your most used websites and pay close attention to any changes. The sooner you detect that you’ve been hijacked, the better chances you have to save your device.

Tips on how to stop cryptojacking

It’s better to prevent an attack from happening in the first place than to stop it. However, if you suspect you may have downloaded cryptojacking malware, the first thing to do is to remove it from your device. Assuming that you already have anti-virus software installed on your computer, do a thorough scan (NOT a fast scan) of the device. Please note this could take several hours.


Following this step, you can quarantine the malware or remove it altogether. However, no matter how advanced your anti-virus is, hackers these days are becoming increasingly smarter. If, for any reason, you suspect that the software provider you’re using hasn’t caught up on the cryptojacking attempt, you could reset your computer and reformat the hard drive.


In case you don’t have IT experience, ask for the recommendation of an IT professional. Otherwise, you may lose important data already stored on your computer. Further actions you can take include:


Be aware of trends

Regardless of your experience with blockchain technology and cryptocurrency, it’s worth reading about cryptojacking because it’s the newest form of cyberattack in town. The more you read about it, the better your chances of protecting your smart devices and the personal information stored on them. Here are some trusted websites to check out:

  • Coindesk: a leading website in the industry with updated information on all things related to blockchain technology and cryptocurrency.
  • CryptoSlate: a news website where you can read articles on trends and learn more about the most recent industry updates.
  • Cointelegraph: a veteran news website in the world of blockchain, this site constantly publishes useful information on cryptocurrencies and additional technologies.
  • CEX.io: a leading cryptocurrency exchange that offers BTC, BCH, BTG, ETH, ZEC, DASH, and other trading options. CEX.io provides 24/7 customer support, a high level of security, and stable deposits and withdrawals.


Perform regular malware & spyware scans

Now you have some idea of what cryptojacking malware is, make some time to perform regular malware and spyware scans for your devices. Do it at least once a month just to be safe, and consider investing in a software solution with a good reputation and track record.


Leverage anti-cryptomining extensions

Anti-cryptomining extensions can be just as useful. Since cryptojacking scripts are launched in-browser, such extensions will block them completely. Anti Miner and Miner Block are two free examples you can install directly from Google Chrome.


Leverage Ad-Blockers

Ads are everywhere and even though the majority are completely harmless, you can’t really be sure what you’re clicking on every time you see a catchy ad. One of the easiest ways to embed a cryptojacking script is within an ad. To make sure it doesn’t happen to you, AdBlocker is a great free extension compatible with numerous browsers.


Best cybersecurity practices to follow

In general, cryptojacking can be avoided if you:

  • Avoid unsecured websites with no SSL
  • Don’t access websites warning you it’s risky to continue browsing
  • Perform constant updates of your anti-virus software
  • Don’t click on emails with click-bait titles like “Get offer now!”, “You won $1 million. Claim prize!”, etc.
  • Don’t download attachments in an unknown format sent from people you don’t know.
  • Only download extensions and software programs from trusted providers.
  • Only download apps from Google Play Store or Apple App Store.


You can never be too safe with online dangers such as cryptojacking! Why take risks when you can protect yourself and your devices by downloading an all-in-one cybersecurity software like Clario!  


Secure your digital life and benefit from all the perks of the internet without worrying that your personal information has been exposed for the whole world to see.  


Read more:

Keep reading