What is Cryptojacking and how to protect yourself from cryptomining malware? (2024)

What is cryptojacking?

Cryptojacking is when hackers run malware on other people’s hardware to secretly mine cryptocurrency. Mining normally requires considerable processing power, but cryptojacking attacks allow hackers to mine cryptocurrency quickly and efficiently without having to use their own computing resources.


      Owing to Bitcoin’s popularity, cryptojacking malware is sometimes referred to as a “bitcoin virus” or “bitminer virus.” But to make serious money from cryptomining, substantial, expensive computer power is needed. A University of Cambridge study found that Bitcoin mining consumes more power than entire countries.

      Cybercrooks’ solution is to use phishing emails, malicious links and downloads, search engine viruses, or social engineering tricks to hijack cryptomining resources from other people’s laptops, desktop PCs, phones, and tablets.

      How does cryptojacking work?

      All cryptojacking works the same way in principle. Cryptomining malware runs stealthily in the background, hijacking the victim’s central processing unit (CPU) and graphics processing unit (GPU) to “mine” fresh bits of cryptocurrency by solving complex math problems that verify crypto transactions. Every time a piece of cryptocurrency is “minted,” it’s sent to the attacker’s crypto-wallet.

      Cryptomining malware is specifically designed to exploit a target’s computer resources, often through a browser or JavaScript. After a device is infected with cryptominer malware through a link or other malicious source, the cryptojacking code embeds itself in the machine. The mining malware then runs a script to take control of the computer and start mining cryptocurrency.

      Cryptojacking makes unauthorized use of third-party devices to mine cryptocurrency

      Cryptojacking attacks are sophisticated and are often run by professional cybercrime groups, but even these can still be detected by running a cryptojacking test to monitor CPU usage. And you can also prevent your own crypto from being jacked by using one of the best cryptowallets that offer advanced cryptocurrency protection.

      Examples of cryptojacking

      Cryptojackers often target large networks because it’s easier to conceal an illicit cryptomining operation on a network that already uses huge amounts of computing resources. But Bitcoin viruses also target regular people, in which case the cryptojacking malware is tweaked to mine smaller amounts and stay hidden.

      Here are some high-profile examples of recent cryptojacking malware attacks:

      Types of cryptojacking attacks

      There are three main types of cryptomining attacks. While they all usually come in the form of a bitcoin miner infection — Bitcoin is the most widely used cryptocurrency — Monero (XMR), Ethereum (ETH), ZCash (ZEC), and other cryptocurrencies can be targeted too.

      In-browser hijacking

      In-browser hijacking is when extensions or browser tabs from infected sites run cryptojacking code hidden inside them, like when the creators of the SafeBrowse extension embedded JavaScript in the extension’s code to mine for Monero using its clients’ CPUs. In-browser hijacking can be extremely stealthy — the only sign of a cryptojacking infection may be a certain tab or extension draining excessive resources for no apparent reason.

      In-host hijacking

      In-host hijacking is when cryptomining malware, often in the form of a trojan, infiltrates a host computer through phishing emails, search engine viruses, malicious links, or other attacks. Since in-host hijacking infiltrates the host machine itself, and is not limited to a browser, it can be used to cryptojack a wide variety of computer or network resources. The most commonly detected cryptomining malware in recent years is an in-host trojan miner called XMRig.

      In-memory hijacking

      In-memory hijacking is when the random access memory (RAM) of a system is targeted directly, often with “fileless” methods that turn legitimate commands or pre-installed executables on the operating system into cryptojacking malware. This makes fileless in-memory cryptojackers such as WindDefscan.exe particularly difficult to detect — especially since it forces Task Manager to shut down immediately upon opening.

      In-browser, in-host, and in-system hijackers are the three main types of cryptojacking attacks

      Signs you’ve been infected with a cryptojacker

      Bitcoin miner viruses are designed to avoid arousing suspicion, but once you learn what to look out for, it’s possible to detect cryptojacking. Here are some key signs you may have been infected with cryptojacking malware:

      • High CPU usage. If your CPU is running unusually high — maybe even using 100% of its capacity — that’s a major red flag you might be suffering from cryptojacking or another form of malware.

      • Slow devices. By funneling your device’s resources to cryptomining, cryptojackers can cause noticeable slowdowns. If you notice a slow computer or a sudden onset of performance issues, bitcoin miner malware should be one of your top suspects.

      • Slow network. Cryptomining malware can commandeer your internet connection to communicate with devices directly controlled by the cryptojackers. If you think your bandwidth is being gobbled up, check out the reasons your phone’s data or internet might be slow before jumping to conclusions.

      • Battery dies faster. If the battery in your laptop or phone is draining much faster than usual, it could be because cryptomining malware is constantly siphoning off power to perform high-intensity processes.

      • Regular overheating. As a byproduct of the tremendous amount of power required for cryptomining, miner viruses can cause temperature increases that overwhelm your device’s cooling system. Learn how to check CPU temperature to see how often your system’s overheating — and to what extent.
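
The CPU sign above is easy to miss when a miner is tweaked to use less power and stay hidden, as described earlier. The following added example (not from the original article) compares a peak-only check with a check for steady, never-idle load. The process names, samples, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed one-minute samples: (minute, process, CPU %). Not real telemetry.
SAMPLES = (
    [(m, "browser", c) for m, c in enumerate([5, 80, 12, 3, 95, 7, 4, 60])]
    + [(m, "updater-helper", c) for m, c in enumerate([42, 45, 44, 43, 46, 44, 45, 43])]
    + [(m, "video-export", c) for m, c in enumerate([99, 98, 99])]
    + [(m, "indexer", c) for m, c in enumerate([2, 3, 2, 4, 3, 2, 3, 2])]
)


def sustained_cpu(samples, floor=30.0, min_samples=5, max_jitter=10.0):
    """Flag processes whose load is steady and never idle.

    A throttled miner rarely reaches 100%, so a peak threshold misses it.
    This heuristic looks for load that stays at or above `floor` in every
    sample and barely varies (population stdev <= `max_jitter`).
    All three thresholds are assumptions to tune per machine.
    """
    by_proc = defaultdict(list)
    for _minute, name, cpu in samples:
        by_proc[name].append(float(cpu))
    flagged = {}
    for name, loads in by_proc.items():
        if len(loads) < min_samples:
            continue  # too short-lived to judge; skips brief heavy jobs
        if min(loads) >= floor and pstdev(loads) <= max_jitter:
            flagged[name] = (round(mean(loads), 1), round(pstdev(loads), 1))
    return flagged


def peak_only(samples, threshold=90.0):
    """Naive check for comparison: any single sample at or above `threshold`."""
    return sorted({name for _m, name, cpu in samples if cpu >= threshold})


if __name__ == "__main__":
    print("peak-only:", peak_only(SAMPLES))
    print("sustained:", sustained_cpu(SAMPLES))
```

A flagged process is a candidate for review, not a verdict: a long legitimate job such as a render can show the same steady profile.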

      How to remove a browser hijacker

      To get rid of an in-browser cryptojacker, or remove other types of browser hijackers, you may be able to uninstall or simply delete it after you detect it. But this could require editing your Windows registry or removing your Chrome extensions manually.

      By far the easiest and most reliable way to remove a browser hijacker — and defend against future malware or hacking attacks — is to download one of the best free antivirus tools, run a full system scan, and ensure all protection shields are enabled.

      Is cryptojacking a security risk?

      Cryptojacking is a major security risk, and an increasingly prevalent one due to the difficulty of detection and the profit incentive. Although technically not illegal if the affected device owner is first notified and allowed to opt out (rarely the case), most cryptojacking attempts are a dangerous form of unlawful hacking.

      Once cryptocurrency mining malware gets into your system, it doesn’t just have the ability to divert resources towards mining Bitcoin — it can also spy on your user activity, harvest bank account details and other private data, or even activate ransomware to hold your system hostage.

      Protect against cryptomining

      Cryptomining is generally safe if you choose to do it on your own device. But make sure you’re not downloading potentially harmful software posing as a cryptomining tool. And you should certainly take steps to prevent other people from surreptitiously cryptojacking your machine.

      Here are some tips to help prevent cryptojacking:

      • Keep your devices and software updated. Security patches in the form of updates fix vulnerabilities exposed by hackers, such as the EternalBlue exploit that wreaked havoc on Windows systems.

      • Install software from reputable sources. Illegitimate software can house bitcoin malware that executes after you install the program. Only download software from official sources, and always check reviews first.

      • Avoid suspicious websites. Torrenting sites, illegal streaming sites, or websites that host pirated software lack the safety protocols and security infrastructure of legitimate websites. They may be teeming with bitminer malware and dangerous hackers.

      • Use ad blockers in your browser. Malicious ads, pop-ups, or fake search engines may have cryptojacking scripts embedded within. The best ad blockers can help detect and block malicious cryptomining code automatically.

      • Disable JavaScript in your browser. JavaScript is a notoriously insecure programming language that’s commonly exploited in cryptomining attacks. To disable JavaScript, go to your browser’s privacy, security, or content settings.

      • Endpoint protection. Endpoints refer to desktops, laptops, and mobile devices — any device that’s the “endpoint” of a communication network. Secure your endpoints with robust antivirus to stop cryptojackers in their tracks, and protect your crypto from being stolen.

      Secure your device with Avast One

      Avast One offers all-in-one protection against the wide array of cyberthreats — including cryptominers. Combining award-winning antivirus technology, automatic phishing and fake website blockers, and even an integrated VPN that encrypts your connection, Avast helps turn your computer into a digital fortress. Secure your device for free today.



      FAQs

      What is cryptojacking and how do you prevent it?

      Cryptojackers use your computer or smartphone to mine a cryptocurrency using malware. Cryptojackers mine cryptocurrency on your computer without you knowing. This can happen via your browser and without the need for any additional malware. There are easy ways to spot and prevent cryptojacking.

      What is cryptojacking in cyber crime?

      Cryptojacking is a cybercrime in which another party's computing resources are hijacked to mine cryptocurrency. Cryptojacking, which is also referred to as malicious cryptomining, lets hackers mine cryptocurrency without paying for electricity, hardware and other mining resources.

      What is crypto mining malware?

      Cryptomining malware runs stealthily in the background, hijacking the victim's central processing unit (CPU) and graphics processing unit (GPU) to “mine” fresh bits of cryptocurrency by solving complex math problems that verify crypto transactions.

      What is the difference between cryptojacking and cryptomining?

      Cryptomining is a system by which "miners" contribute computer processing power and get paid in cryptocurrency to validate blockchain transactions. In its malicious form, cryptojacking is where hackers take control of a victim's computing resources to secretly mine cryptocurrency for their own benefit.

      How do I block Cryptomining?

      Block Domains

      You can also block specific domains that you suspect of cryptomining. Simply open your browser, find the "Customize" drop-down, and then block a URL. To block Coinhive, you can copy/paste https://coin-hive.com/lib/coinhive.min.js into the text box.
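
Blocking one exact URL stops matching as soon as the script's path or subdomain changes, so blocklists usually match on the host instead. The following added example (not from the original article) scans page markup for script sources on a host blocklist. `coin-hive.com` is taken from the URL above; `miner.example` and the sample markup are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# coin-hive.com comes from the URL quoted above; miner.example is a placeholder.
BLOCKED_HOSTS = {"coin-hive.com", "miner.example"}


class ScriptSources(HTMLParser):
    """Collect the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def host_is_blocked(host, blocked=BLOCKED_HOSTS):
    """True if host equals a blocked domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked)


def blocked_scripts(html, blocked=BLOCKED_HOSTS):
    """Return script URLs in `html` whose host is on the blocklist."""
    parser = ScriptSources()
    parser.feed(html)
    # urlparse handles absolute and protocol-relative (//host/path) URLs;
    # relative paths have no hostname (same origin) and are skipped.
    return [s for s in parser.sources
            if host_is_blocked(urlparse(s).hostname, blocked)]


# Constructed page markup for the demonstration.
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://coin-hive.com/lib/coinhive.min.js"></script>
<script src="//CDN.Coin-Hive.com/lib/v2.js"></script>
<script src="https://notcoin-hive.com/lib/coinhive.min.js"></script>
<script>console.log("inline")</script>
"""

if __name__ == "__main__":
    for url in blocked_scripts(SAMPLE_HTML):
        print("blocked:", url)
```

The suffix check requires a leading dot, so an unrelated host that merely ends in the same letters is not blocked by mistake.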

      What is an example of cryptojacking?

      Cryptojacking News: Real-world Examples

      When visitors went to the Homicide Report page, their devices were used to mine Monero. It took a while for the threat to be detected because the amount of computing power the script used was decreased, so users would not be able to tell their device had been enslaved.

      What are signs of cryptojacking?

      Signs you could be a victim of cryptojacking
      • A noticeable slowdown in device performance.
      • Overheating of batteries on devices.
      • Devices shutting down due to lack of available processing power.
      • Reduction in productivity of your device or router.
      • Unexpected increases in electricity costs.

      How illegal is cryptojacking?

      Cryptojacking might seem like a relatively harmless crime since the only thing 'stolen' is the power of the victim's computer. But the use of computing power for this criminal purpose is done without the knowledge or consent of the victim, for the benefit of criminals who are illicitly creating currency.

      What are some signs that you have cryptomining malware installed on a computer?

      Here are three signs to look out for that can help you determine if you've been cryptojacked:
      • Reduced performance. Since unauthorized cryptomining is an intensive process, it causes additional strain on the system, resulting in random instances of slowdown and reduced performance. ...
      • Overheating. ...
      • CPU and GPU usage spikes.

      How do you check for crypto malware?

      Users can check the CPU usage via Task Manager (Windows) or Activity Monitor (macOS). The CPU usage should generally stay below 20-30%, but unexpected spikes can be the result of crypto malware running in the background.

      Can antivirus detect cryptojacking?

      A comprehensive cybersecurity program such as Kaspersky Total Security will help to detect threats across the board and can provide cryptojacking malware protection. As with all other malware precautions, it is much better to install security before you become a victim.

      Can Malwarebytes detect Bitcoin miners?

      BitCoinMiner is Malwarebytes' generic detection name for crypto-currency miners that may be active on a system without user consent.

      How do I stop bitcoin mining on my computer?

      There are also specialized programs, such as “No Coin” and “MinerBlock,” which block mining activities in popular browsers. Both have extensions for Chrome, Firefox, and Opera. Opera's latest versions even have NoCoin built in.

      What is cryptomining protection?

      Bitdefender's Cryptomining Protection feature defends Windows computers against the growing threat of unauthorized crypto-mining activities, a malicious practice that exploits a user's resources and electricity to generate revenue for attackers.

      How do you know if you have been cryptojacked?

      Check to See if Your Browser Is Secretly Still Running

      Cryptojackers typically run through your browser and can create a tiny “pop-up” browser window that hides behind your Start button or toolbar, so it can continue to consume computer resources even after you think you've closed your browser.

      How do I tell if my PC is being used for bitcoin mining?

      Is your PC Infected with a Crypto Miner? Here's How to Find Out
      1. High CPU or GPU Usage. ...
      2. Increased fan noise and overheating. ...
      3. Decrease in performance. ...
      4. Unexplained Network Activity. ...
      5. Crashes and more crashes. ...
      6. Short battery life. ...
      7. Unknown Processes in Task Manager. ...
      8. Blocked access to system monitoring tools.

      How can cryptocurrency crime be prevented?

      Ultimately, successfully combating crypto crime requires a unified effort from government institutions, law enforcement, and legislators. They play an essential role in developing, implementing, and enforcing crypto policies and regulations related to cryptocurrencies and blockchain technology.

      How would anyone prevent themselves being a victim of cryptojacking?

      Use anti-cryptomining extensions—cryptojacking scripts are generally deployed in web browsers. Use browser extensions, including No Coin, minerBlock, and Anti Minder, to block cryptominers across the web. Use ad-blockers—cryptojacking scripts are often embedded in web ads.


      Author: Dong Thiel
