What is Cryptojacking Featured

What is Cryptojacking? How to Detect and Prevent it

Last edited: November 22, 2020
Reading time: 10 minutes, 6 seconds
Click here for a short summary of this article
Summary - What is Cryptojacking? How to Detect and Prevent it

Cryptojacking is a type of cybercrime where hackers use your computer to mine cryptocurrency. They do this because cryptomining can be quite lucrative, but also taxing on a system’s hardware and power. So they prefer to use yours. They’ll let you foot the bill for the used electricity as well.

That is why it is important to be able to detect cryptojacking, so that you can avoid it happening to you or stop it if necessary. Signs that point to cryptojacking are an underperforming computer, an overheating device and an increased use of the CPU.

Detecting, preventing and stopping cryptojacking isn’t easy, since new forms of this type of cybercrime often don’t leave a trace on your computer. That is why we recommend that you read our article about cryptojacking below, so you can defend yourself from this vicious type of cybercrime.

A new type of cybercrime came into being after the arrival of Bitcoin and other cryptocurrency on the financial scene: cryptojacking. Cryptojacking means that someone else’s computer is used to mine cryptocurrency. This article will describe what cryptojacking is exactly, how to detect and prevent it and what you can do if it happens to you.

To really understand cryptojacking you also need to know what cryptomining (and Bitcoin mining) is, since this is the goal of a “cryptojacker”. That is why we will start off by explaining what cryptomining is.

What is Bitcoin Mining and Cryptomining?

Bitcoin Miner

To understand Bitcoin- and cryptomining, you first need general knowledge about blockchain technology. We will focus on Bitcoin, since this is the most common cryptocurrency. In a way, the blockchain is the digital ledger in which all cryptocurrency transactions are registered. When you have a computer or a system with crypto-software, you will have a copy of this blockchain on your computer. However, not all cryptocurrencies are based on blockchain technology.

How does cryptomining work?

A cryptominer verifies a cryptotransaction, for instance a Bitcoin transaction. When looking at Bitcoin, the miner can earn money by verifying one “block” of Bitcoin transactions. One of these blocks is 1 MB of data. So to earn Bitcoin it could mean that a miner only has to verify one transaction, but it can also mean that they have to verify a thousand. This completely depends on the complexity and the data of the transactions. When a block has been verified by a miner it is added to the blockchain.

Or to put it differently, in exchange for the verification that is done by the Bitcoin miner, Bitcoin rewards him or her with Bitcoin. The miner can use this to invest (Bitcoin is globally increasing in value) or use it for online payments. Generally speaking, this is how cryptomining (so not just Bitcoin mining) works.

Why Bitcoin mining?

The reason why miners choose to mine cryptocurrency is quite simple: they want to earn money, in this case in the form of cryptocurrency. Bitcoin profits from cryptomining in two ways as well. First of all, cryptominers make sure that people don’t abuse the system by spending the same Bitcoin twice, since they check all the transactions. On top of that, miners also introduce new Bitcoin to the network, since they receive their payment in Bitcoin, which makes it grow. It is expected that this system will be replaced around 2140. Bitcoin will then move to a system where Bitcoin users will cover the cost of verifying transactions.

What is Cryptojacking and Why Does it Happen?

Cryptomining usually requires special, very powerful, hardware and a lot of electricity. Many cryptominers really want to mine Bitcoin, but they don’t want to pay for the cost of the hardware and electricity. That is why they take over someone else’s computers and systems, so that they can do the work. And that is called cryptojacking. Similar to a botnet, your computer will be put at the disposal of a hacker.

You might think that you can’t become a victim of cryptojacking because you don’t own any of this powerful “cryptojacking hardware”. But sadly, that is not true. Usually, cryptojackers don’t target specific systems – more on that later. Also, there are many cryptocurrencies that can be mined without a special “dedicated GPU” (a graphics card made for intense graphic work or cryptomining) or any other specific hardware. A cryptocurrency like Monero can be mined by using CPUs (the central processor that is in every desktop). So you should never assume that you are safe from cryptojacking.

Cryptojacking might not have immediate negative effects on yourself, but it does mean that your hardware will break down sooner and your electricity bill will go up. So it will cost you money. Later in this article we will explain how to detect and prevent cryptojacking, so that you can avoid these costs. But first we’ll explain how cryptojackers access your computer, so that you’ll know what to look out for if you want to prevent cryptojacking.

How Does a Cryptojacker Access my Computer?

Hacker

There a two main ways in which a cryptojacker can access your computer.

  • The hacker will inject a “cryptojacking script” directly onto your computer as soon as you click on a certain illegitimate link. This is often combined with phishing techniques.
  • The hacker will place the “cryptojackingscript” on a well-visited website, so that every computer that goes to this site will start cryptomining automatically.

Note: the second method of cryptojacking, through the use of well-visited websites, is very difficult to detect since no cryptominingcode will be placed on your computer. In this case, the script is run on your computer directly from your browser and not from your computer. That is why most antivirus software will not detect this form of cryptojacking, also known as “browser-based cryptomining”.

The script that accesses your computer in the above-mentioned ways will make sure that your system will be cryptomining in the background, so without you noticing. The second way, so through websites, is most common. Which is tricky, cause that means that you can be cryptojacked without even noticing. Thankfully, there are ways to avoid this, which we will talk about at the end of this article.

What are the Consequences of Cryptojacking?

Slow computer

The cryptojacking code will work in the background of your system without you noticing. The CPU- and GPU-power, the RAM and bandwidth of your computer, will then be used to mine cryptocurrency. This will suddenly make your computer a lot slower. Your computer will also break down faster because of this intensive use. It can also lead to higher electricity bills. So in the end, it will cost you money and you don’t benefit from it in any way. Moreover, you probably wouldn’t be comfortable with someone else using your system for illegal activities. After all, there is nothing illegal about cryptomining itself, but cryptojacking definitely is.

How to Detect Cryptojacking

It can be quite difficult to see whether you’ve been infected by a cryptojacking script, since these scripts are often not detected by your antivirus software and firewall. But there are still some ways in which you can check whether you’ve become a victim of cryptojacking. Below, we have listed some clues that could point to the fact that your computer has been taken over by a cryptojacker.

Tips to detect cryptojacking

  • Keep an eye on the performance of your computer – since cryptomining takes a toll on your hardware, your computer will perform at a much lower level than usual when you have been cryptojacked.
  • Beware of overheating – cryptojackers will really put your computer to work, so your computer can easily get overheated. Your computer’s fans might also be a lot louder than usual, since they need to work overtime to cool your computer down.
  • Check Windows Task Manager – when you go to Windows Task Manager you can check whether there is something suspicious going on with your computer. In the Task Manager you can find all the processes that are going on in the background. Check whether there is something there that you don’t recognize and doesn’t belong on your computer. This will also give you an idea of which processes are a strain on your CPU, GPU, or power, which are all things that could point to you having been cryptojacked. The advantage is that you can immediately stop such a process in the Task Manager.
  • Use reliable antivirus software, such as Bitdefender, to detect cryptomining malware. Note: many cryptominingscripts won’t be detected as malware by antivirus software. But cryptojackingscripts that get onto your computer through phishing techniques can be detected. That is why great antivirus software is still very important.
  • Check your browser icon – even if you close down your browser, cryptojackers can still continue their work. You might not have any active browser windows, but you can see that the browser icon is still active.
  • Check for ‘strange’ file names – do you own a website? Then you could have been infected by files with names such as ccminer.exe. All crypto-related names that don’t look familiar could indicate that your website has been cryptojacked.

How to Avoid Getting Cryptojacked

It is nearly impossible to completely protect yourself from cryptojacking. This is only possible if you stay away from the internet. After all, you don’t have any control over the scripts that are installed on other websites. But there are still some steps you can take to make the chances of you being cryptojacked as small as possible.

Anti-cryptojacking measures

  • Adlock LogoUse an ad-blocker – cryptominingscripts are often hidden in ads on websites. So by using an ad-blocker you can avoid some forms of cryptojacking. Some ad-blockers, such as Adblock Plus, even have a feature with which they can detect some cryptominingscripts.
  • Use special extentions that detect cryptomining scripts on websites, such as NoCoin and MinerBlock.
  • Make sure that you always use antivirus software – antivirus software is great if your computer has been infected by a cryptojacking script. Just like with regular viruses or malicious code, you can quarantine a script and then delete it. On top of that, a lot of antivirus software nowadays offers preventative options that can detect cryptomining scripts.
  • Make sure that you use a firewall that you keep up-to-date – this tip is very important when your computer is part of a larger network that uses a collective firewall. If you suspect that a webpage has a cryptomining script, it is very important that the network firewall is updated so that you and others in the network can no longer visit this page.
  • Disable Javascript – Javascript is probably the most common script on websites. That is why many cryptominings cripts are hidden in Javascript elements. So disabling Javascript can really help to prevent cryptomining. There are several ways to do this. You can use a free browser extension (like Quick Javascript Switcher) and a special feature in the Tor-browser.
  • Don’t fall for phishing e-mails and messages – nowadays, cryptojacking usually happens through open tabs in your browser. But the “traditional” version of cryptojacking, where your system gets infected by malware, is still used as well. This mostly happens through malicious links in phishing e-mails. So don’t click on these links!

Help! I’ve Been Cryptojacked. What do I do Now?

Don’t panic if you have been cryptojacked. It’s no fun when it happens, but do realize that cryptojackers don’t mean to directly cause you any damage. They’re simply using your system; these cybercriminals usually aren’t looking for your sensitive data or money.

But of course you want to stop the cryptojacking as soon as possible. How to go about this depends on the type of cryptojacking. If you’ve discovered that there is a cryptomining script on your system you should delete this file as soon as possible. Should you only have a hunch that there is cryptomining code on your computer because you’ve clicked on a suspicious link and your computer is suddenly under-performing, it’s best that you start by scanning your computer for viruses. If your antivirus software finds the culprit, you should immediately delete that file.

Have you fallen victim to cryptojacking in your browser? Then it’s usually simply a case of closing the window, since there is no cryptomin gcode on your computer. But some cryptomining scripts can keep running in the background. So it’s always a good idea to check your Task Manager for processes that use a lot of CPU, GPU, and power. Did you find one and you don’t recognize what it is? Then you can stop it manually.

Remember: cryptojacking is a very misleading type of cybercrime that is difficult to detect. But if you look out for the signs and use the tips in this article you will limit the chances of being cryptojacked and lower the impact of it when it does happen.

Cryptojacking - Frequently Asked Questions

Do you have a question about cryptojacking that you want to have answered quickly? Check out our FAQ below. Is your question not there? Feel free to contact us in the comment section.

Cryptojacking is a trick used by cybercriminals to use your computer to “mine” cryptocurrency, such as Bitcoin. They do this because cryptomining can be quite lucrative, but also taxing on your hardware and electricity. To put it simply: they would rather have you foot the bill for the electricity and hardware, than pay for it themselves. Want to learn more? Read our comprehensive article about cryptojacking.

To put it simply, cryptomining is the verification of cryptotransactions to prevent that one cryptocoin or -unit is spent more than once. Cryptomining makes sure that the system of cryptocurrencies stays “honest” and unfraudulent. People mine crypto bacause they will be rewarded with cryptocurrency when they do. And there are no issues there. But there are people who abuse the system and start cryptojacking.

There are some signs that can point to cryptojacking:

  • A computer that is much slower than usual.
  • An overheating computer or a fan that is much louder than normal.
  • An unusually high use of CPU, GPU, and electricity. You can check these in the (Windows) Task Manager.

The signs listed above are only a few of the possible clues that can signal that you’ve been cryptojacked. However, the signs that have to do with the performance and power usage of your computer are the best ways to detect these modern types of cryptojacking. For more signs and information you can read our article on cryptojacking.

Cryptojacking is a vicious type of cybercrime that you usually don’t notice. But there are some steps that you can take to limit the chance of it happening to you:

  • Use an adblocker
  • Disable Javascript
  • Use special browser extensions that can detect cryptomining scripts, such as NoCoin and MinerBlock
Cybersecurity analyst
David is a cyber security analyst and one of the founders of VPNoverview.com. Interested in the "digital identity" phenomenon, with special attention to the right to privacy and protection of personal data.

More articles from the ‘Cybercrime’ section

Comments
Leave a comment
Leave a comment