Crypto jacking is a malicious method of crypto mining. It first emerged in 2017 when CoinHive published code on its website. The code was a mining tool added to a website so that owners could earn extra income through crypto mining.

People earn cryptocurrency (coins) through mining. They use expensive hardware (high-end CPUs, data mining hardware, and servers), processing power, and electricity to solve complex algorithms. Hackers changed the mining tool and used it to steal processing power from users through browsers or installed applications. Essentially, they could earn coins without buying any hardware.  

What Is Crypto Mining?

Many cryptocurrencies, a famous example being Bitcoin, use blockchain systems to validate transactions. Mining cryptocurrency adds transactions to the blockchain, which records all previous transactions.

Adding more blocks to the chain requires proof of work from a miner. It is a complex algorithm that needs to be difficult for a CPU to decipher. The miner is rewarded with coins in their wallet when the algorithm is solved.

Miners can use their mining hardware and computers. This is costly and might not be a profitable exercise for the miner because the hardware costs might outweigh the value of the mined coins.

It is also possible for miners to buy CPU power from the cloud. They can use the resources of data centres to generate coins, although this method includes subscription fees and a cap on how much someone can mine.

What Is Crypto Jacking?

Hackers took cloud crypto mining further by using CoinHive’s code to write their scripts. These scripts maliciously drew CPU power from website visitors and other computer users.

They now use a variety of malicious software to hijack the processing power of personal or business networks. These hackers use the processing power of unaware users to add coins to their wallets.

Hackers use websites, files, and the cloud to gain access to and drain a system’s resources. They only need a user to opt-in to install or run a script, which runs undetected on a user’s computer.

How it works is hackers devise emails that look convincing with infected links containing these scripts. It could be a long-lost relative seeking to make a connection or a dream business opportunity. They then send them to employees at a company who open them up.

Hackers only need the user to click on a link or an attachment in the email. As soon as they do, the script runs and siphons CPU resources.

Additionally, hackers hide malicious scripts on Windows applications. They only need the user to install the app for the script to use CPU power.

For example, in 2018, hackers created fake Adobe Flash updates. Bundled with the official software, it would have been difficult for a user to spot malicious files. Many other applications might contain these scripts too.


How It Works

Crypto jacking hackers are also known as threat actors. They compose or search for files or code to embed their scripts in. After this, they wait for users to execute the script by installing an application or visiting a specific site. Then, the script begins running in the background.

The script siphons processing power to solve algorithms to add blocks to the blockchain. The threat actors receive coins for solving each problem. It is simple to execute, and the potential reward is quite high.

Threat actors need more and more CPU power to mine more efficiently, so their scripts could significantly slow down many of a company’s systems. Computers and other devices might crash due to the performance strain. These devices would be costly for companies to repair or replace.

Website and Cloud Crypto mining

Websites run JavaScript to display advertisements. There are ads on almost every webpage on the Internet. Threat actors write their scripts and hide them in these ads. Users click on these ads, and the script begins drawing processing power in the background.

Website owners can ask their visitors’ permission to allow mining while the visitor is on their site, but some do not. Other websites run the script even after the user has left the site. A famous example would be PirateBay, a popular torrent site. The website had mining scripts installed and was mining without their users’ permission.

Cybercriminals also comb through cloud API keys to find cloud access to the platform. They then use almost unlimited CPU resources for mining crypto. For example, they reroute server CPUs and can install scripts on network devices. This could cause a massive strain on a network’s performance because hackers could install the scripts on any device connected to the cloud platform.

How To Detect It

Threat actors write small lines of code. These scripts can easily go under the radar and slip through distracted users’ defences. Here are a few ways of spotting those scripts on a computer or device.

Increased CPU Usage

Crypto jacking draws power from a CPU to add blocks to the blockchain. Consequently, it slows down a user’s computer. The extra power the computer uses leads to higher electricity bills because the more processing power used, the more electricity a computer draws.

All in all, it is best to monitor a computer’s CPU usage and to keep a record of all high-usage applications.


Computers and devices infected with malicious scripts might also overheat due to the massive amounts of power. Overheating causes hardware failure, like hard drive crashes and heatsink failures, which may result in costly repairs.

Keep an eye on which devices are running hotter than usual.

Malware Scans

Additionally, it is a good practice to scan for malware on a network or computer routinely. Anti-virus software might detect the scripts before they seriously damage your systems. They are especially useful when scanning email attachments and applications.

Anti-virus could easily detect, quarantine, and remove any malicious files.


EDR Solutions

EDR (End-point detection and response) solutions are also helpful. These solutions could pick up any abnormal behaviour on a system. So, it would notice if an application used more processing power than necessary.

EDR also has threat-hunting capabilities, which would make it easier for IT teams to investigate any abnormally high CPU usage on the network. They could also access a record of all actions made by a single device on the network. This allows an IT team to isolate and contain any unauthorised mining attempts.

Stay Updated

Knowledge is power, and keeping up to date with the latest crypto jacking methods is useful. For instance, knowing which methods hackers use would make it easier for users to spot suspicious activity on their computers.

There have been many past crypto jacking attempts and successes, and most of them are well-recorded. It is wise to see the scope and insidiousness of previous crypto jacking incidents.

Website owners also need to routinely check their sites for malicious code that hackers could embed in the site. Threat actors search for vulnerable sites that might have outdated WordPress plugins or vulnerable JavaScript on their sites.

How To Avoid It

Hackers rely on the ignorance of their victims. So, IT teams and employees must receive training on the methods used by hackers. They need to know about the steps involved in crypto jacking. They should be able to identify symptoms like slower devices and overheating hardware.

Educate Your Team

Employees need to know which protocol to follow when receiving suspicious emails. They should not click on any attachments from unfamiliar email addresses.

Threat actors could also disguise themselves as company employees by using a similar email address, so employees must be hyper-vigilant when handling their emails. They also need to be aware of common phishing scams, and they should scan for malicious software after every application they install.

New IT Training and Tools

More importantly, IT teams need training in using Windows PowerShell. They can use this application to search for malicious scripts in applications on the network’s computers.

Teams can also use PowerShell to install specific security scripts, which help identify network vulnerabilities and workstation security capabilities and monitor attacks on the network.

IT teams can also install software to minimise the risk of unauthorised mining. Software-like browser extensions like No Coin, a browser extension that explicitly blocks crypto mining, do this exclusively.

Blocking Software

AdBlockers are effective at blocking ads that contain malicious scripts. AdBlock uses a Cryptocurrency Mining Protection List, which blocks sites from mining coins on a user’s browser.

Blocking JavaScript is another preventative measure. However, many websites need JavaScript to operate correctly, so this measure might be a bit extreme. IT teams could only use this as a quarantine practice by blocking JavaScript on specific sites or even blocking those sites.

Final Thoughts

Hackers do not need massive resources for crypto jacking. As a result, it is easier to attempt.

If crypto mining remains profitable, these attempts will continue. Therefore, companies and private users must know how to detect abnormal CPU usage, computer slow-downs, and overheating hardware.

Installing adblockers and browser extensions is vital to limit and avoid crypto jacking.