What is Cryptojacking, and How Can You Protect Your Device From an Attack?


Crypto’s bull run early this year has resulted in increased cryptojacking incidents. Here’s a lowdown on what the term means, and how you can protect your devices against it.

In the last couple of years, cryptocurrency has grown in leaps and bounds. It all began when Satoshi Nakamoto (a pseudonym) first created Bitcoin in 2009. A little over a decade later, today, there are over 4,000 cryptocurrencies in existence.

While cryptocurrencies have significantly changed the finance world, they come with many cons. And it’s not just the environmental cost of crypto mining. Crypto’s bull run early this year has attracted many cybercriminals to the industry. According to a recent report by security firm Kaspersky, incidents of cryptojacking have soared in the first quarter of 2021.

Lately, the crypto space has also given rise to a new scam – cryptojacking.

What is cryptojacking?

In order to verify transactions on the blockchain and make new crypto coins, individuals have to solve complex mathematical algorithms or puzzles—a process known as mining. Individuals require powerful systems to verify transactions and add a new block on the blockchain.

Large mining farms in countries such as China have dedicated computer rigs to mine crypto. As the process involves powerful systems, it also takes up massive amounts of electricity. This is why, “cryptojackers,” who wish to mine crypto without incurring costs of mining hardware or exuberant electricity bills, hack into other devices.

Cryptojacking is a type of scam in which hackers use someone else’s device without their knowledge to mine cryptocurrency. The hackers install malware—often called miners—on a computer or mobile device. They then use the device’s energy to mine crypto in the background, while the unsuspecting victim uses their device.

Compared to other types of malware attacks, cryptojacking is harder to detect. It doesn’t damage a user’s device or data. It can, however, cause decreased performance, and overheat the devices.

Moreover, once detected, it is hard to trace the malware to the source, and hackers prefer mining cryptocurrencies like Monero and Zcash. These are harder to trace compared to more popular ones like Bitcoin.

How does cryptojacking affect devices?

Cryptojacking can be done in a couple of ways.

First, hackers can infect a website or an online ad with JavaScript code through a hacking process called ‘drive-by.’ When users visit the website, the script auto-executes on their browser. This type of hacking only affects the browser. Every time the victim uses their browser, the code runs in the background, and mines crypto.

Sometimes, even closing a browser is not sufficient to prevent the script from running. Often, hackers use a simple trick to create a hidden pop-up window that fits under the taskbar. As this window goes undetected, the mining continues unhindered.

In 2018, over 60 million Android users were infected by a miner coded into ads. Users who encountered these pop-up ads were redirected to malicious websites. During this time, the malware would mine crypto using the device’s computing power. The attack usually goes undetected as the process remains silent.

The second means to hack a device is by sending emails with malicious links. When a user clicks the link, it automatically runs the crypto mining code and adds the script on the device. This method infects the entire device and the code runs in the background whenever the victim uses their device.

In both cases, once a browser or device is infected, the code uses up the CPU’s power to perform complex calculations. The data is simultaneously sent to a server controlled by the hacker.

Often, hackers can also use both hacking vectors to “maximize their return.” For instance, if a hacker uses 50 different devices to mine crypto, half of them could be using code on their systems installed through malicious emails. Meanwhile, the remaining half could be mining through an infected browser.

Preventing cryptojacking

As cryptojacking largely goes undetected, it is important to take measures to prevent an attack and minimize the impact on your device.

Install ad-blockers and browser extensions: Installing ad-blockers can detect and block any infected ads, thereby automatically preventing malicious code from running on your device. Similarly, anti-crypto-mining extensions on web browsers can also prevent cryptojacking scripts from running on your browser. MinerBlock, No Coin, and Anti Miner are some examples of browser extensions.

Scan for malware: Use cybersecurity software to regularly scan for malware on your system. Such security software can detect any cryptojacking malware on your system and protect your device.

Avoid opening suspicious links in emails: It is important to be cautious about the emails you receive, especially those that come with a link. Double-check the authenticity of the sender before you click any links on a suspicious email.

Only install trustworthy apps and software: Whenever you install software or an application on your device, make sure it is authentic and comes from a trustworthy source.

Avoid visiting unfamiliar websites: To prevent cryptojacking attacks through browsers, be careful about visiting unfamiliar websites. In addition, you can block or blacklist any website known for cryptojacking.

With cryptojacking incidents on the rise, users need to be cautious. Cryptojacking was common during the crypto boom in 2017-18. They accounted for around 5% of all malware in 2018, according to Kaspersky. For instance, in 2018, an L.A. Times-run website The Homicide Report was hacked with a cryptojacking code. Hackers then mined Monero on the devices of whoever visited the page.

In another example the same year, cryptocurrency mining malware was found on the operational technology network of a European water utility control system. The incident significantly hampered the operator’s ability to manage the utility plant.

However, as large mining farms began emerging, a single device’s resources essentially became irrelevant. As a result, the incidents of cryptojacking went down in the last two years.

But, with the recent surge in crypto’s popularity, cryptojacking has made a comeback. As per Kaspersky’s report, 200,045 users encountered miners on their devices in March, compared to 187,746 in January. In the first quarter of 2021, a total of 432,171 unique users encountered miners.

“It’s too early to say for sure if the trend we’ve noted in Q1 2021 is here to stay,” Evgeny Lopatin, a security expert at Kaspersky, noted in the report. “However, it does seem that the increase in the value of Bitcoin and other cryptocurrency has sparked a renewed interest in miners.”

“If the crypto markets remain strong this year, it’s likely we’ll continue to see more instances of users encountering miners.”

Header image by Tumisu from Pixabay


Share on facebook
Share on twitter
Share on linkedin
Share on email


Elon Musk Buy Next

What Is Elon Musk Going to Buy Next?

There are moments in our lives—perhaps we are in the shower or struggling to sleep at 2 A.M.—when we think about all the ways we could influence the world. We find solutions to crypto volatility, world hunger and our neighbor’s ultra-dry plants.

5 Technologies

5 Technologies That Are on Stage in Russia’s Invasion of Ukraine So Far

On February 21, 2022, Vladimir Putin, President of the Russian Federation, declared the independence of the Donetsk People’s Republic and Luhansk People’s Republic. Arousing international outcry, this ignited the ultimate invasion of Russia on Ukraine three days later. While Ukrainians are still defying Putin’s covetous ambitions, new technologies have been floating on the surface to take advantage of each other.

Technology Joy Ghose

Technology Pioneers – Interview With Joy Ghose of FreeD Group

Over the past 15 years, the Chief Commercial Officer (CCO) of FreeD Group Limited, Joy Ghose, has accumulated plenty of experience in the travel and technology industry. Before joining FreeD Group, Ghose was involved in sales, marketing and management roles at companies like Merlin Entertainments and The Hong Kong Tourism Board.

Creamy Mattes and Beyond Reviewing GoPlay Cosmtics’ Custom Lipstick Maker

To Creamy Mattes and Beyond: Reviewing GoPlay Cosmtics’ Custom Lipstick Maker

While researching for our piece on personal color analysis, I came across the LIPSKIT, a custom lipstick-making tool created by GoPlay Cosmetics. GoPlay Cosmetics is a DIY (do-it-yourself) make-up brand that is looking to prioritize sustainability in the make-up industry without compromising the variety of your lipstick collection.

Ledger vs Trezor

Ledger vs Trezor: Where Should You Store Your Crypto Holdings?

As lucrative as the cryptocurrency world is, it comes with a high risk of losing your crypto because of hacks. To make sure that your crypto holdings stay safe with you, you must carefully choose effective storage solutions for them. One of the ways to keep your crypto secure is by holding it in a hardware wallet.