What is Cryptojacking, and How Can You Protect Your Device From an Attack?


Crypto’s bull run early this year has resulted in increased cryptojacking incidents. Here’s a lowdown on what the term means, and how you can protect your devices against it.

In the last couple of years, cryptocurrency has grown in leaps and bounds. It all began when Satoshi Nakamoto (a pseudonym) first created Bitcoin in 2009. A little over a decade later, today, there are over 4,000 cryptocurrencies in existence.

While cryptocurrencies have significantly changed the finance world, they come with many cons. And it’s not just the environmental cost of crypto mining. Crypto’s bull run early this year has attracted many cybercriminals to the industry. According to a recent report by security firm Kaspersky, incidents of cryptojacking have soared in the first quarter of 2021.

Lately, the crypto space has also given rise to a new scam – cryptojacking.

What is cryptojacking?

In order to verify transactions on the blockchain and make new crypto coins, individuals have to solve complex mathematical algorithms or puzzles—a process known as mining. Individuals require powerful systems to verify transactions and add a new block on the blockchain.

Large mining farms in countries such as China have dedicated computer rigs to mine crypto. As the process involves powerful systems, it also takes up massive amounts of electricity. This is why, “cryptojackers,” who wish to mine crypto without incurring costs of mining hardware or exuberant electricity bills, hack into other devices.

Cryptojacking is a type of scam in which hackers use someone else’s device without their knowledge to mine cryptocurrency. The hackers install malware—often called miners—on a computer or mobile device. They then use the device’s energy to mine crypto in the background, while the unsuspecting victim uses their device.

Compared to other types of malware attacks, cryptojacking is harder to detect. It doesn’t damage a user’s device or data. It can, however, cause decreased performance, and overheat the devices.

Moreover, once detected, it is hard to trace the malware to the source, and hackers prefer mining cryptocurrencies like Monero and Zcash. These are harder to trace compared to more popular ones like Bitcoin.

How does cryptojacking affect devices?

Cryptojacking can be done in a couple of ways.

First, hackers can infect a website or an online ad with JavaScript code through a hacking process called ‘drive-by.’ When users visit the website, the script auto-executes on their browser. This type of hacking only affects the browser. Every time the victim uses their browser, the code runs in the background, and mines crypto.

Sometimes, even closing a browser is not sufficient to prevent the script from running. Often, hackers use a simple trick to create a hidden pop-up window that fits under the taskbar. As this window goes undetected, the mining continues unhindered.

In 2018, over 60 million Android users were infected by a miner coded into ads. Users who encountered these pop-up ads were redirected to malicious websites. During this time, the malware would mine crypto using the device’s computing power. The attack usually goes undetected as the process remains silent.

The second means to hack a device is by sending emails with malicious links. When a user clicks the link, it automatically runs the crypto mining code and adds the script on the device. This method infects the entire device and the code runs in the background whenever the victim uses their device.

In both cases, once a browser or device is infected, the code uses up the CPU’s power to perform complex calculations. The data is simultaneously sent to a server controlled by the hacker.

Often, hackers can also use both hacking vectors to “maximize their return.” For instance, if a hacker uses 50 different devices to mine crypto, half of them could be using code on their systems installed through malicious emails. Meanwhile, the remaining half could be mining through an infected browser.

Preventing cryptojacking

As cryptojacking largely goes undetected, it is important to take measures to prevent an attack and minimize the impact on your device.

Install ad-blockers and browser extensions: Installing ad-blockers can detect and block any infected ads, thereby automatically preventing malicious code from running on your device. Similarly, anti-crypto-mining extensions on web browsers can also prevent cryptojacking scripts from running on your browser. MinerBlock, No Coin, and Anti Miner are some examples of browser extensions.

Scan for malware: Use cybersecurity software to regularly scan for malware on your system. Such security software can detect any cryptojacking malware on your system and protect your device.

Avoid opening suspicious links in emails: It is important to be cautious about the emails you receive, especially those that come with a link. Double-check the authenticity of the sender before you click any links on a suspicious email.

Only install trustworthy apps and software: Whenever you install software or an application on your device, make sure it is authentic and comes from a trustworthy source.

Avoid visiting unfamiliar websites: To prevent cryptojacking attacks through browsers, be careful about visiting unfamiliar websites. In addition, you can block or blacklist any website known for cryptojacking.

With cryptojacking incidents on the rise, users need to be cautious. Cryptojacking was common during the crypto boom in 2017-18. They accounted for around 5% of all malware in 2018, according to Kaspersky. For instance, in 2018, an L.A. Times-run website The Homicide Report was hacked with a cryptojacking code. Hackers then mined Monero on the devices of whoever visited the page.

In another example the same year, cryptocurrency mining malware was found on the operational technology network of a European water utility control system. The incident significantly hampered the operator’s ability to manage the utility plant.

However, as large mining farms began emerging, a single device’s resources essentially became irrelevant. As a result, the incidents of cryptojacking went down in the last two years.

But, with the recent surge in crypto’s popularity, cryptojacking has made a comeback. As per Kaspersky’s report, 200,045 users encountered miners on their devices in March, compared to 187,746 in January. In the first quarter of 2021, a total of 432,171 unique users encountered miners.

“It’s too early to say for sure if the trend we’ve noted in Q1 2021 is here to stay,” Evgeny Lopatin, a security expert at Kaspersky, noted in the report. “However, it does seem that the increase in the value of Bitcoin and other cryptocurrency has sparked a renewed interest in miners.”

“If the crypto markets remain strong this year, it’s likely we’ll continue to see more instances of users encountering miners.”

Header image by Tumisu from Pixabay


Share on facebook
Share on twitter
Share on linkedin
Share on email
Reethu Ravi
Reethu is a Staff Writer at Jumpstart.


Are In-App Advertisements Profitable

Are In-App Advertisements Profitable?

In August 2021, Uber began showing ads in its core app in an attempt to find new avenues for revenue generation. The company aims to earn US$300 million in revenue from ads by 2022. The first company to be featured in Uber’s core app advertisements is Marriott Hotels. The ads pop up on user screens after they book a ride with the app.

What Is a SMART Contract

What Is a SMART Contract?

In August 2021, the cryptocurrency market hit the US$2 trillion mark. The NFT market has been doing equally well, with sales volume surging to US$2.5 billion in the first quarter of 2021. The common thread between these figures is the use of blockchain technology and smart contracts.

Facebook Is Reading Your WhatsApp Chats

Facebook Is Reading Your WhatsApp Chats: Report

Your WhatsApp chats are anything but private, as per a new report by ProPublica. Facebook pays over 1,000 contract workers across Austin, Texas, Dublin and Singapore hourly to sift through millions of private messages, images and videos. The workers can only access the messages that users report.

Innovations in Art at SOTHEBY’S Autumn Auctions

Innovations in Art at SOTHEBY’S Autumn Auctions

This autumn Sotheby’s is collaborating with the K11 group on Sotheby’s highly anticipated Autumn Auctions Preview at K11 Musea between September 18-21. This exhibit will be the grand reveal of over 40 art pieces that the auction house will have for sale between September and October.


OpenSea Bans Insider Trading after Employee Defrauds Buyers

On September 14, 2021, OpenSea, a popular NFT (Non-Fungible Tokens) marketplace startup, admitted to insider trading on their website. Insider trading happens when people—employees or otherwise—use a company’s non-public knowledge to their financial advantage. OpenSea did not reveal the employee’s name; however, Twitter users took advantage of blockchain’s public access and transparency to ascertain who did it.

Traditional vs Influencer Marketing

Traditional vs Influencer Marketing: Influencer Culture in Entrepreneurship

In a day and age when the average person spends more time scrolling through social media than reading a newspaper, influencers, also known as internet celebrities, have become household names. The fact that their massive followings trust their opinions on various topics, from beauty products to online courses, is constantly transforming the dynamic landscape of marketing and entrepreneurship.