What is Cryptojacking?
Cryptojacking is an attack where the attacker runs cryptocurrency-mining software on your hardware without your permission. The attacker keeps the cryptocurrency and sells it for a profit, and you get stuck with high CPU usage and a hefty electricity bill.
While Bitcoin is the most widely known cryptocurrency, cryptojacking attacks usually involve mining other cryptocurrencies. Monero is particularly common, as it’s designed so people can mine it on average PCs. Monero also has anonymity features, which means it’s difficult to track where the attacker ultimately sends the Monero they mine on their victims’ hardware. Monero is an “altcoin,” which means a non-Bitcoin cryptocurrency.
Mining cryptocurrency involves running complex math equations, which use a lot of CPU power. In a typical cryptojacking attack, the mining software will be maxing out your PC’s CPU. Your PC will perform slower, use more power, and generate more heat. You might hear its fans spin up to cool itself down. If it’s a laptop, its battery will die faster. Even if it’s a desktop, it will suck down more electricity and increase your electric bill.
The cost of electricity makes it hard to profitably mine with your own PC. But, with cryptojacking, the attacker doesn’t have to pay the electricity bill. They get the profits and you pay the bill.
Which Devices Can Be Cryptojacked?
Any device that runs software can be commandeered for cryptocurrency mining. The attacker just has to make it run mining software.
“Drive-by” cryptojacking attacks can be performed against any device with a browser—a Windows PC, Mac, Linux system, Chromebook, Android phone, iPhone, or iPad. As long as you have a web page with an embedded mining script open in your browser, the attacker can use your CPU to mine for currency. They’ll lose that access as soon as you close the browser tab or navigate away from the page.
There’s also cryptojacking malware, which works just like any other malware. If an attacker can take advantage of a security hole or trick you into installing their malware, they can run a mining script as a background process on your computer—whether it’s a Windows PC, Mac, or Linux system. Attackers have tried to sneak cryptocurrency miners into mobile apps, too—especially Android apps.
In theory, it would even be possible for an attacker to attack a smart home device with security holes and install cryptocurrency mining software, forcing the device to spend its limited computing power on mining cryptocurrency.
Cryptojacking in the Browser
CoinHive was the first mining script to achieve public attention, especially when it was integrated into The Pirate Bay. However, there are more mining scripts than CoinHive, and they’ve been integrated into more and more websites.
In some cases, attackers actually compromise a legitimate website and then add cryptocurrency mining code to it. The attackers make money through mining when people visit that compromised website. In other cases, website owners add the cryptocurrency mining scripts on their own, and they make the profit.
This works on any device with a web browser. It’s typically aimed at visitors to desktop websites, as Windows PCs, Macs, and Linux desktops have more hardware resources than phones. But, even if you’re viewing a web page in Safari on an iPhone or Chrome on an Android phone, the web page could contain a mining script that runs while you’re on the page. It would mine more slowly, but websites could do it.
How to Protect Yourself from Cryptojacking in the Browser
We recommend running security software that automatically blocks cryptocurrency miners in your browser. For example, Malwarebytes automatically blocks CoinHive and other cryptocurrency mining scripts, preventing them from running inside your browser. The built-in Windows Defender antivirus on Windows 10 doesn’t block all in-browser miners. Check with your security software company to see if they block mining scripts.
While security software should protect you, you can also install a browser extension that provides a “blacklist” of mining scripts.
On an iPhone, iPad, or Android device, web pages that use cryptocurrency miners should stop mining as soon as you navigate away from your browser app or change tabs. The operating system won’t let them use a lot of CPU in the background.
On a Windows PC, Mac, Linux system, or Chromebook, just having the tabs open in the background will allow a website to use as much CPU as it wants. However, if you have software that blocks those mining scripts, you shouldn’t have to worry.
Cryptojacking malware is becoming increasingly common, too. Ransomware makes money by getting onto your computer somehow, holding your files for ransom, and then demanding that you pay in cryptocurrency to unlock them. Cryptojacking malware skips the drama and hides in the background, quietly mining cryptocurrency on your device, and then sending it to the attacker. If you don’t notice your PC is running slowly or a process is using 100% CPU, you won’t even notice the malware.
Like other types of malware, an attacker has to exploit a vulnerability or trick you into installing their software to attack your PC. Cryptojacking is just a new way for them to make money after they’ve already infected your PC.
People are increasingly trying to sneak cryptocurrency miners into legitimate-seeming software. Google had to remove Android apps with cryptocurrency miners hidden in them from the Google Play Store, and Apple has removed Mac apps with cryptocurrency miners from the Mac App Store.
This type of malware could infect practically any device—a Windows PC, a Mac, a Linux system, an Android phone, an iPhone (if it could get into the App Store and hide from Apple), and even vulnerable smart home devices.
How to Avoid Cryptojacking Malware
Cryptojacking malware is like any other malware. To protect your devices from attack, be sure to install the latest security updates. To ensure you don’t accidentally install such malware, be sure to only install software from trusted sources.
On a Windows PC, we recommend running antimalware software that will block cryptocurrency miners—like Malwarebytes, for example. Malwarebytes is also available for Mac and will block cryptocurrency miners for Mac, too. We recommend Malwarebytes for Mac, especially if you install software from outside the Mac App Store. Perform a scan with your favorite antimalware software if you’re concerned you’re infected. And the good news is that you can run Malwarebytes right alongside your regular antivirus app.
On an Android device, we recommend only getting software from the Google Play Store. If you sideload apps from outside the Play Store, you’re putting yourself more at risk of getting malicious software. While a few apps have gotten through Google’s protection and snuck cryptocurrency miners into the Google Play Store, Google can remove such malicious apps from your device after finding them, if necessary. If you install apps from outside of the Play Store, Google won’t be able to save you.
You can also keep an eye on your Task Manager (in Windows) or Activity Monitor (on a Mac) if you think your PC or Mac is running particularly slow or hot. Look for any unfamiliar processes that are using a large amount of CPU power and perform a web search to see if they’re legitimate. Of course, sometimes background operating system processes use a lot of CPU power as well—especially on Windows.
While many cryptocurrency miners are greedy and use all the CPU power they can, some cryptocurrency mining scripts use “throttling.” They may use just 50% of your computer’s CPU power instead of 100%, for example. This will make your PC run better, but also allows the mining software to better disguise itself.
Even if you aren’t seeing 100% CPU usage, you may still have a cryptocurrency miner running on a web page or your device.
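The check described above can be automated by looking at how steady a process's CPU use is over time rather than only at its peak. The following is an added example, not code from the original article: the process names, readings, and thresholds are constructed assumptions, and a flagged process is a candidate for the manual web search described above, not a verdict.

```python
from statistics import mean, pstdev

# Constructed sample data: CPU % per process, one reading every 10 s for 2 minutes.
SAMPLES = {
    "browser_tab_a":  [51, 49, 50, 52, 50, 48, 50, 51, 49, 50, 50, 51],  # steady ~50%
    "unknown_helper": [98, 99, 97, 99, 98, 99, 98, 97, 99, 98, 99, 98],  # pinned near 100%
    "os_indexer":     [5, 80, 95, 10, 3, 2, 60, 4, 2, 1, 3, 2],          # bursty OS work
    "text_editor":    [1, 2, 1, 0, 3, 1, 1, 2, 0, 1, 1, 2],              # idle
}

def naive_peak_check(samples, peak=90.0):
    """Flag any process that ever touched `peak` percent CPU.
    Catches greedy miners but also bursty OS tasks, and misses throttled ones."""
    return sorted(name for name, r in samples.items() if max(r) >= peak)

def classify(readings, floor=40.0, sustained=0.9, max_jitter=10.0):
    """Label a CPU series by how long and how steadily it stays busy.
    Thresholds are illustrative assumptions, not tuned values."""
    if not readings:
        return None
    busy_fraction = sum(r >= floor for r in readings) / len(readings)
    if busy_fraction < sustained:
        return None                      # idle or short bursts: normal behaviour
    if mean(readings) >= 90.0:
        return "pinned"                  # greedy: uses all the CPU it can get
    if pstdev(readings) <= max_jitter:
        return "throttled-like"          # flat partial load, e.g. capped at 50%
    return "sustained"                   # busy the whole window but uneven

def review_list(samples):
    """Return {process: label} for processes worth a closer look."""
    labelled = {name: classify(r) for name, r in samples.items()}
    return {name: label for name, label in labelled.items() if label}

if __name__ == "__main__":
    print("peak-only check :", naive_peak_check(SAMPLES))
    print("sustained check :", review_list(SAMPLES))
```

On the constructed data, the peak-only check flags the bursty operating system task and misses the process sitting at a steady 50%, while the sustained check flags both the pinned and the throttled-looking process and ignores the bursts.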