What is cryptojacking? How to detect mining malware


Written by:

Cryptojacking is a type of cybercrime that occurs when hackers hijack the processing power of unsuspecting internet users in order to generate new cryptocurrencies.

Rising Bitcoin prices often lead people to get into “mining”–the process of using specialized computer hardware to create units of digital currencies. The energy-intensive nature of mining increases the number of individuals looking to steal computing power. Some of the most private cryptocurrencies–Monero and Zcash–are involved in many cryptojacking cases.

Cryptojacking attackers work surreptitiously. Affected users are usually unaware when crypto mining malware runs complex calculations on their computers, sucking up vast amounts of power. People may notice their computers overheating or working much more slowly. 

But in general, cryptojacking goes undetected much more often than other cybercrimes.

Here’s a guide to how cryptojacking works and what internet users can do to prevent mining malware from infecting their computers.

Related: Guide to taxes and cryptocurrency

Image Credit:

How Cryptojacking Works

There are three ways that crypto mining malware can become embedded on a victim’s computer:

Image Credit: Jirapong Manustrong / iStock.

1. Phishing Scam

People fall prey by clicking a link in a phishing e-mail, unintentionally loading crypto mining malware onto their computers.

Image Credit: jpgfactory/istockphoto.

2. Infected Website

Attackers inject a malicious code or “script” onto a website. The script mines new cryptocurrencies on any computers that visit the website.

Image Credit: iStock.

3. Worms

There have also been cases of cryptojacking worms–malware that can replicate itself onto other computers, devices or servers. Such scripts are also more difficult to detect and remove.

Once placed, the malware runs in the background of victims’ computers while the unknowing victim goes about their business on the device. After the crypto mining script solves complex mathematical problems, the results are sent to the hacker, who then pockets them in what is their cryptocurrency wallet.

Some experts say that streaming and gaming websites tend to be popular venues for cryptojacking codes to lurk. Data has found a single crypto mining malware on more than 35,000 websites.

Image Credit: Marc Bruxelle / iStock.

Risks of Cryptojacking

Cryptojacking is popular because the risk of being caught is so much lower than with other forms of cybercrime like ransomware, which requires that victims pay up in order to be successful.

Those impacted by cryptojacking may see their computer systems slow down dramatically and their electricity bills skyrocket. Because that’s how Bitcoin mining works: the costs of computer hardware and electricity are often the biggest drags on the profits of cryptominers.

Meanwhile, even bigger risks exist: once a hacker has infiltrated a victim’s computer, they may be able to jump to other areas of the network and steal data or intellectual property.

Image Credit: ipopba / iStock.

Famous Cryptojacking Incidents

Crypto mining malware has been known to be around since at least 2011, but cryptojacking ramped up in late 2017 as more people started investing in cryptocurrencies. The more valuable a cryptocurrency, the greater the incentive to mine it.

Cryptojacking became so prevalent that in April 2018, Google announced it would stop listing extensions for its Chrome browser that mines cryptocurrency. The internet giant found that 90% of such software on its webstore violated policies.

Several media outlets have reported that a number of companies and organizations have been victims of cryptojacking. In February 2018, security firm Redlock spotted that electric carmaker Tesla’s cloud was infected by cryptojacking malware.

Other cases have included code-collaboration website Github, said security company Avast in March 2018, U.K. insurer Aviva Plc and Britain’s National Health Service, according to an April 2018 article by the Financial Times. Meanwhile, the Harvard Crimson reported back in 2014 that the university’s research network was used for mining Dogecoin.

Coinhive, which made software that allowed websites to use visitor’s computers to mine anonymous cryptocurrencies, shuttered in 2019. While some users were legitimate and upfront to their visitors about using Coinhive, its software was also popular among hackers.

A dramatic decline in Monero prices prompted Coinhive’s closure. However, a July 2020 cyber threat report found that even after Coinhive ceased operations, its software was still found to be working. Meanwhile, some cryptojacking activity had shifted to other mining providers.

Image Credit: iStock.

How to Detect Cryptojacking

Cyber security experts say that it can be difficult to detect cryptojacking because such malware operates differently from other types of malware. That’s why surreptitious mining can go undetected on an internet user’s computer, even if they have anti-virus software installed.

People can try to detect cryptojacking by paying attention to their computer’s performance. Signs of cryptojacking could include the device’s fan making noise, a spike in the computer’s Central Processing Unit (CPU), as well as overheating.

Cyberjacking has been known to be more prevalent on movie-streaming and gaming websites, where the code can mine for an hour or more uninterrupted, while the victim is unaware.

Image Credit: Ivan-balvan / iStock .

Tips to Prevent Crypto Mining Malware

  1. Avoid certain websites. Browser extensions can help with avoiding websites that host the crypto mining code.
  2. Monitor computer performance and look for signs of overheating. Pay attention to the behavior of the computer’s CPU.
  3. Take training on how not to fall prey to phishing attempts. This step is particularly important to corporations looking to prevent employees from clicking on phishing e-mails.
  4. Update devices with the latest patches that help prevent attackers from taking advantage of vulnerabilities in computer systems.
  5. Frequently change computer and device credentials, making them less likely to see unauthorized access.
  6. Lastly, it’s important that investors familiarize themselves with cryptocurrency rules and regulations to keep abreast on the latest trends and practices of hackers.

Image Credit: Velishchuk / iStock.

The Takeaway

Cryptojacking is a relatively new form of cybercrime that has exploded as more people learn what is Bitcoin. Cryptojacking involves embedding malware onto an internet user’s device and stealing computing power in order to mine new digital currencies.

It’s an example of how as more investors buy cryptocurrencies, new forms of criminal activity have also cropped up, as perpetrators gravitate toward the anonymous nature of digital currency transactions. Anyone can be a victim of cryptojacking. Those affected have included everyday individuals, government organizations and mega-corporations.

Internet users can take steps to protect themselves from cryptojacking by being wary of phishing attempts and installing anti-crypto-mining web extensions. They should also monitor for any overheating or decrease in performance by their computer.

Learn more:

This article originally appeared on SoFi.comand was syndicated by

SoFi Invest

The information provided is not meant to provide investment or financial advice. Investment decisions should be based on an individual’s specific financial needs, goals and risk profile. SoFi can’t guarantee future financial performance. Advisory services offered through SoFi Wealth, LLC. SoFi Securities, LLC, member FINRA  / SIPC  . SoFi Invest refers to the three investment and trading platforms operated by Social Finance, Inc. and its affiliates (described below). Individual customer accounts may be subject to the terms applicable to one or more of the platforms below.

1) Automated Investing—The Automated Investing platform is owned by SoFi Wealth LLC, an SEC Registered Investment Advisor (“Sofi Wealth“). Brokerage services are provided to SoFi Wealth LLC by SoFi Securities LLC, an affiliated SEC registered broker dealer and member FINRA/SIPC, (“Sofi Securities).

2) Active Investing—The Active Investing platform is owned by SoFi Securities LLC. Clearing and custody of all securities are provided by APEX Clearing Corporation.

3) Cryptocurrency is offered by SoFi Digital Assets, LLC, a FinCEN registered Money Service Business.

For additional disclosures related to the SoFi Invest platforms described above, including state licensure of Sofi Digital Assets, LLC, please visit Neither the Investment Advisor Representatives of SoFi Wealth, nor the Registered Representatives of SoFi Securities are compensated for the sale of any product or service sold through any SoFi Invest platform. Information related to lending products contained herein should not be construed as an offer or pre-qualification for any loan product offered by SoFi Lending Corp and/or its affiliates.

Crypto: Bitcoin and other cryptocurrencies aren’t endorsed or guaranteed by any government, are volatile, and involve a high degree of risk. Consumer protection and securities laws don’t regulate cryptocurrencies to the same degree as traditional brokerage and investment products. Research and knowledge are essential prerequisites before engaging with any cryptocurrency. US regulators, including FINRA  , the SEC  , and the CFPB  , have issued public advisories concerning digital asset risk. Cryptocurrency purchases should not be made with funds drawn from financial products including student loans, personal loans, mortgage refinancing, savings, retirement funds or traditional investments.

Investment Risk: Diversification can help reduce some investment risk. It cannot guarantee profit, or fully protect in a down market.

Third Party Brand Mentions: No brands or products mentioned are affiliated with SoFi, nor do they endorse or sponsor this article. Third party trademarks referenced herein are property of their respective owners.

Image Credit: RobertAx / iStock.