What is cryptojacking?

Cryptojacking is a dynamic cybersecurity threat that is causing concern among individuals and organizations. We dive into it here.

09-01-2024 - 7 minute read. Posted in: cybercrime.

Cryptojacking explained

Cryptojacking is a type of cyberattack in which hackers secretly use someone else’s computer, server, or mobile device to mine cryptocurrency. Unlike ransomware or data theft, cryptojacking is designed to operate silently in the background, where its visible effects are reduced system performance and increased energy consumption.

Because it doesn’t typically destroy data or demand payment, cryptojacking can go undetected for long periods, making it highly profitable for cybercriminals.

How cryptojacking works

Cryptojacking typically follows a clear pattern:

Attackers employ various methods to install cryptojacking software on unsuspecting victims' devices. The software operates silently, mining cryptocurrency using system resources while users continue their activities, often noticing only a decline in performance. Advanced cryptojacking malware can even spread laterally within networks. What separates malicious cryptojacking from legitimate cryptomining is that it runs without the device owner's consent. The stages below show how cryptojacking works.

Infection by cryptojacking malware

Hackers install cryptojacking software through phishing emails, malicious websites, or infected software downloads.

Execution of cryptojacking scripts

Once installed, the malware runs in the background. The cryptojacking script uses the device’s CPU or GPU to mine cryptocurrency without the user’s consent.

Mining

The compromised device becomes part of a larger mining operation. Its processing power is pooled with other infected machines to solve complex cryptographic puzzles.

Profit

The mined cryptocurrency is transferred to the attacker’s wallet through cryptojacking software, while the victim experiences slower performance, increased energy usage, and potential hardware damage.

Types of cryptojacking

There are several types of cryptojacking, each with its unique method of operation:

  1. Browser-based cryptojacking: This type involves using a browser to mine cryptocurrencies without the user’s knowledge or consent. Often, cryptojacking scripts are embedded in websites, and as soon as a user visits the site, the script starts mining cryptocurrency using the visitor’s computing resources.

  2. Cryptomining code: This type involves the use of malicious code to mine cryptocurrencies on a device or network. The cryptomining code can be hidden in software downloads, email attachments, or even legitimate applications that have been compromised.

  3. Drive-by cryptomining: This method uses visitors’ devices to mine crypto without their permission while they visit a website. Unlike browser-based cryptojacking, drive-by cryptomining can continue to run even after the user has left the infected site, as long as the browser remains open.

  4. Worm-style cryptojacking: This involves malware that spreads from device to device, infecting them and consuming their resources to mine cryptocurrencies. This type of cryptojacking can quickly escalate, affecting large networks and causing significant performance issues.

Cryptojacking malware and code

Cryptojacking malware and code are designed to mine cryptocurrencies on a device or network without the user’s knowledge or consent. This type of malware can be spread through various means, including:

  1. Phishing emails: These are malicious emails that trick users into downloading and installing cryptojacking malware. The emails often appear legitimate, luring users into clicking on links or downloading attachments that contain the malicious code.

  2. Infected software: Software that is infected with cryptojacking malware can be installed on a device without the user’s knowledge. This can happen when users download software from untrusted sources or when legitimate software is compromised.

  3. Exploited vulnerabilities: Hackers can exploit vulnerabilities in software or operating systems to install cryptojacking malware. Keeping systems updated and patched is crucial to prevent these types of attacks.

  4. Infected websites: Websites infected with cryptojacking code can execute the code on a user’s device without their knowledge. This is often done through malicious JavaScript code that runs as soon as the website is loaded.

Real-world cryptojacking examples

There have been several high-profile cases of cryptojacking in recent years, highlighting the widespread nature of this threat:

  1. Smominru Botnet: This botnet infected hundreds of thousands of Microsoft Windows systems worldwide to mine Monero cryptocurrency. It is one of the largest and most profitable cryptojacking operations to date.

  2. The Pirate Bay: This popular torrent website ran JavaScript code created by Coinhive, a now-defunct cryptomining service, to mine Monero cryptocurrency without users’ consent. The site used visitors’ computing power to generate revenue through cryptomining.

  3. Graboid: This worm exploits unsecured Docker containers to mine Monero cryptocurrency. It spreads rapidly, infecting other containers and using their resources for cryptomining.

  4. Open Source Image Libraries: There has been a spike in cryptojacking images in open source repositories like Docker Hub. These images, once downloaded and run, can be used to mine cryptocurrencies without the user’s knowledge.

Why cryptojacking is on the rise

Several factors explain the rapid growth of cryptojacking:

  • Low risk: Unlike data breaches, cryptojacking doesn’t require direct interaction with the victim or involve stolen personal data, making it harder to trace and prosecute.

  • High reward: As cryptocurrency values rise, even small mining operations can generate significant profits.

  • Anonymity: Cryptocurrencies like Monero are designed to be private, helping attackers hide their earnings.

  • Easy access: Mining scripts and malware kits are widely available on the dark web, lowering the barrier to entry for attackers.

Cryptojacking attacks are becoming increasingly frequent, with hackers employing sophisticated methods to infiltrate target systems for secret cryptocurrency mining. These attacks persistently spread through networks, consume resources, and inflict both direct and indirect costs on organizations, complicating detection and mitigation efforts.

The impact of cryptojacking

Although it may seem less severe than other types of cyberattacks, cryptojacking can have significant consequences for a computer or mobile device:

System performance issues

Devices infected with mining malware often become slow, unresponsive, or prone to crashes.

Higher energy costs

Mining is resource-intensive. A noticeable increase in electricity bills is common, especially in businesses with many affected devices.

Hardware degradation

Prolonged high CPU and GPU usage can shorten the lifespan of computers, servers, and other devices.

Security vulnerabilities

Some cryptojacking malware includes additional payloads such as spyware or backdoors, increasing the risk of data breaches.

It is crucial to detect cryptojacking early, as it often disguises itself as normal device behavior, making it challenging to identify. Monitoring CPU and GPU usage for unusual spikes and staying informed about the latest trends in cryptojacking can help proactively safeguard systems.
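A single CPU spike looks like normal device behavior, so a useful check looks for load that stays high over time. The sketch below is an added example, not code from the original post; the process names, readings, and thresholds are constructed assumptions, with "svc-update" standing in for a throttled miner.

```python
from collections import defaultdict

# Constructed per-minute CPU readings (percent) for three processes.
# "svc-update" is a hypothetical throttled miner; none of this is real data.
_SERIES = {
    "backup":     [5, 95, 97, 6, 4, 5, 3, 4, 5, 4],
    "browser":    [12, 60, 35, 20, 72, 15, 30, 25, 18, 40],
    "svc-update": [78, 80, 79, 40, 81, 82, 80, 79, 83, 80],
}
SAMPLES = [(minute, name, cpu)
           for name, series in _SERIES.items()
           for minute, cpu in enumerate(series)]

def peak_only(samples, threshold=70.0):
    """Naive check: any single reading at or above the threshold."""
    return sorted({name for _, name, cpu in samples if cpu >= threshold})

def sustained_load(samples, threshold=70.0, window=6, min_fraction=0.8):
    """Flag processes that are hot in at least min_fraction of the readings
    in some run of `window` consecutive samples (tolerates brief dips)."""
    per_proc = defaultdict(list)
    for _, name, cpu in sorted(samples):        # order readings by minute
        per_proc[name].append(cpu)
    flagged = []
    for name, series in per_proc.items():
        for start in range(len(series) - window + 1):
            hot = sum(c >= threshold for c in series[start:start + window])
            if hot / window >= min_fraction:
                flagged.append(name)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print("peak only:", peak_only(SAMPLES))
    print("sustained:", sustained_load(SAMPLES))
```

The peak-only check flags the backup job and the browser along with the miner, while the windowed check isolates the process that stays busy even though it dips once to avoid notice.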

Cryptojacking and cryptocurrency mining

Cryptojacking is closely related to cryptocurrency mining, which involves solving complex mathematical problems to validate transactions on a blockchain. Cryptocurrency mining requires significant computing power, which is why hackers often target devices with powerful processors to mine cryptocurrencies. However, cryptojacking is different from legitimate cryptocurrency mining in that it involves the unauthorized use of devices to mine cryptocurrencies without the user’s knowledge or consent. This unauthorized use of computing power can lead to significant performance issues, increased energy costs, and potential hardware damage for the victim.

How to prevent cryptojacking

Proactive security measures are essential to stop cryptojacking before it impacts your systems:

  • Use trusted cybersecurity tools: Protect your devices by installing reliable antivirus and anti-malware software that offers real-time scanning and is capable of detecting unauthorized cryptomining activity.

  • Keep systems updated: Regularly patch operating systems, browsers, and plugins to close known vulnerabilities.

  • Use ad and script blockers: Browser extensions like NoScript or miner blockers can prevent malicious mining scripts from running in your browser.

  • Monitor performance: Unusual CPU or GPU spikes, overheating, or system slowdowns can be early signs of infection.

  • Educate users: Train employees to recognize phishing emails and avoid suspicious downloads or links.

  • Restrict unauthorized scripts: Apply application whitelisting and browser security policies to limit the execution of unauthorized code.

  • Analyze network activity: Use network monitoring tools to detect unusual outbound traffic associated with cryptomining.
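For the network-activity item above, one concrete signal is the pool protocol itself: miners usually talk to pools using newline-delimited JSON-RPC (Stratum and the similar dialect common among Monero miners). The following is an added example, not part of the original post; the flow records, addresses, ports, and wallet placeholder are constructed, and the key-set heuristic is an assumption rather than a formal specification.

```python
import json

# Key sets that mark the JSON-RPC dialect used by common Monero pool miners;
# "mining.*" methods come from Bitcoin-family Stratum. Heuristic, not a spec.
MONERO_KEYS = {"login": {"login", "pass"},
               "submit": {"job_id", "nonce", "result"}}

def mining_methods(payload: bytes) -> set:
    """Return Stratum-like JSON-RPC method names found in one TCP payload."""
    found = set()
    for line in payload.split(b"\n"):        # Stratum is newline-delimited JSON
        try:
            msg = json.loads(line)
        except ValueError:                   # HTTP, TLS records, binary, blanks
            continue
        if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
            continue
        method, params = msg["method"], msg.get("params")
        if method.startswith("mining."):
            found.add(method)
        elif (method in MONERO_KEYS and isinstance(params, dict)
              and MONERO_KEYS[method].issubset(params)):
            found.add(method)
    return found

def find_mining_flows(records):
    """Map (src, dst, dport) to the sorted mining methods seen on that flow."""
    flows = {}
    for src, dst, dport, payload in records:
        hits = mining_methods(payload)
        if hits:
            flows.setdefault((src, dst, dport), set()).update(hits)
    return {flow: sorted(m) for flow, m in flows.items()}

# Constructed outbound payloads (documentation IP ranges, placeholder wallet).
RECORDS = [
    ("10.0.0.5", "198.51.100.7", 3333, b'{"id":1,"jsonrpc":"2.0","method":"login",'
     b'"params":{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"miner"}}\n'),
    ("10.0.0.5", "198.51.100.7", 3333, b'{"id":2,"jsonrpc":"2.0","method":"submit",'
     b'"params":{"id":"a","job_id":"1","nonce":"00","result":"00"}}\n'),
    ("10.0.0.6", "198.51.100.8", 4444, b'{"id":1,"method":"mining.subscribe","params":[]}\n'
     b'{"id":2,"method":"mining.authorize","params":["w","x"]}\n'),
    ("10.0.0.8", "203.0.113.9", 443, b"\x16\x03\x01\x00\xa5\x01\x00"),   # TLS bytes
    ("10.0.0.9", "192.0.2.20", 8080,                                     # app login
     b'{"jsonrpc":"2.0","method":"login","params":{"user":"alice"}}\n'),
]

if __name__ == "__main__":
    for flow, methods in find_mining_flows(RECORDS).items():
        print(flow, methods)
```

Pool traffic wrapped in TLS is opaque to this kind of payload inspection, so it needs to be paired with destination and flow-pattern monitoring.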

Conclusion

Cryptojacking is a growing cybersecurity threat that can silently drain your computing resources for someone else’s gain. Its stealthy nature makes it particularly dangerous, especially in environments where performance, uptime, and energy efficiency matter.

Staying vigilant, updating your systems, and educating users are key steps in defending against cryptojacking. As cryptocurrencies continue to evolve, so will the methods cybercriminals use to exploit them. Make sure your defenses are ready.

This post has been updated on 04-04-2025 by Sarah Krarup.
