How Does Cryptojacking Work?

Did you know that hackers could be mining cryptocurrencies on your computer without your knowledge?


You may have heard about it, or even unknowingly experienced it — your computers suddenly becomes slower and your CPU usage is skyrocketing. You’re not sure what’s happening — cause you’re just browsing the web — it could be that someone has cryptojacked your computer and is using its computing power to mine cryptocurrencies. Today, we’ll talk about that phenomenon, and what you can do about it. Let’s get started, shall we?

The quiet attack

Cryptojacking isn’t super aggressive; the attacker does not necessarily want to steal your personal information, he’s just there to get a piece of your CPU and benefit from the free power. It is a form of stealing nonetheless, but it may not be illegal, as we’ll discuss in a second.

You could be a victim of cryptojacking in one of two ways:

  1. You could install a malicious software that will the mine for cryptocurrencies in the background, or
  2. You may just visit some web page that uses JavaScript to route your processing power towards mining cryptocurrencies.

In both cases, the process happens without you even knowing about it, except that your computer is becoming slower when visiting certain websites. And even then, you may blame the latest Windows update for the drop in performance or the fact that you are running too many apps and/or tabs at the same time. That is why cryptojacking is referred to as a quiet attack.

How to protect yourself from cryptojacking?

As we have noted above, there are two ways of cryptojacking, the first of which involves an app running on your computer. That one is easier to spot with modern anti-malware software being able to detect app that will do “something” in the background. In any case, your best defense is not to install apps from untrusted sources.

As for the second type of “attack,” it is the one that is not necessarily illegal. Rather, it was the site owner who has included a cryptojacking JavaScript in the page to potentially monetize on its website visitors. Or it could be that a hacker has hijacked the page and added the malicious code in it.

The problem with this kind of cryptojacking is that users don’t have to do anything to start the “mining process” — it happens the second they visit the “infected” page. Typically, these scripts will use the visitor’s CPU power to mine for anonymous cryptocurrencies such as Bytecoin and Monero. If it is a work of a hacker, he/she wants to hide his/her identity.

You can protect yourself from this sort of attack by avoiding to visit suspicious web pages or by using some addon that block JavaScripts. The latter could mess up the user experience so you better think twice before turning off all JavaScript code on the page. For that reason, you may want to use dedicated mining blocker chrome extensions or those that block specific scripts. Or you can use Opera which includes mining protections in both its desktop and mobile web browsers.

At the end of the day, you can determine whether your computer is being used for mining cryptocurrencies by checking your CPU utilization.

Why does cryptojacking happen?

Simply put – it’s all about the money. Every time you visit an infected web page, a small portion of work gets done and the person/company who has put the code on that page, gets a small reward. Yes, it is a small reward per person and his/her CPU usage, but when you multiply that with millions of website visits, you come to an impressive figure. And that’s why these sort of activities happen.

As we said it, it’s not just the hackers who benefit from cryptojacking; some large online businesses are also using mining scripts to generate alternative monetization techniques for their businesses. We can’t really agree with this kind of operations, but we do understand that making money from online publishing is getting harder with the day.

And we want to know what you think about cryptojacking? Do you mind businesses borrowing your CPU power while you’re just visiting their website? Comments form is all yours…

Share Your Thoughts