What Is Cryptojacking? How to Detect Mining Malware

By Inyoung Hwang · January 26, 2021 · 5 minute read

We’re here to help! First and foremost, SoFi Learn strives to be a beneficial resource to you as you navigate your financial journey. Read more We develop content that covers a variety of financial topics. Sometimes, that content may include information about products, features, or services that SoFi does not provide. We aim to break down complicated concepts, loop you in on the latest trends, and keep you up-to-date on the stuff you can use to help get your money right. Read less

What Is Cryptojacking? How to Detect Mining Malware

Cryptojacking is a type of cybercrime that occurs when hackers hijack the processing power of unsuspecting internet users in order to generate new cryptocurrencies.

Rising Bitcoin prices often lead people to get into “mining”–the process of using specialized computer hardware to create units of digital currencies. The energy-intensive nature of mining increases the number of individuals looking to steal computing power. Some of the most private cryptocurrencies–Monero and Zcash–are involved in many cryptojacking cases.

Cryptojacking attackers work surreptitiously. Affected users are usually unaware when crypto mining malware runs complex calculations on their computers, sucking up vast amounts of power. People may notice their computers overheating or working much more slowly. But in general, cryptojacking goes undetected much more often than other cybercrimes.

Here’s a guide to how cryptojacking works and what internet users can do to prevent mining malware from infecting their computers.

How Cryptojacking Works

There are three ways that crypto mining malware can become embedded on a victim’s computer:

1. Phishing Scam: People fall prey by clicking a link in a phishing e-mail, unintentionally loading crypto mining malware onto their computers.
2. Infected Website: Attackers inject a malicious code or “script” onto a website. The script mines new cryptocurrencies on any computers that visit the website.
3. Worms: There have also been cases of cryptojacking worms–malware that can replicate itself onto other computers, devices or servers. Such scripts are also more difficult to detect and remove.

Once placed, the malware runs in the background of victims’ computers while the unknowing victim goes about their business on the device. After the crypto mining script solves complex mathematical problems, the results are sent to the hacker, who then pockets them in what is their cryptocurrency wallet.

Some experts say that streaming and gaming websites tend to be popular venues for cryptojacking codes to lurk. Data has found a single crypto mining malware on more than 35,000 websites.

Risks of Cryptojacking

Cryptojacking is popular because the risk of being caught is so much lower than with other forms of cybercrime like ransomware, which requires that victims pay up in order to be successful.

Those impacted by cryptojacking may see their computer systems slow down dramatically and their electricity bills skyrocket. Because that’s how Bitcoin mining works: the costs of computer hardware and electricity are often the biggest drags on the profits of cryptominers.

Meanwhile, even bigger risks exist: once a hacker has infiltrated a victim’s computer, they may be able to jump to other areas of the network and steal data or intellectual property.

Famous Cryptojacking Incidents

Crypto mining malware has been known to be around since at least 2011, but cryptojacking ramped up in late 2017 as more people started investing in cryptocurrencies. The more valuable a cryptocurrency, the greater the incentive to mine it.

Cryptojacking became so prevalent that in April 2018, Google announced it would stop listing extensions for its Chrome browser that mines cryptocurrency. The internet giant found that 90% of such software on its webstore violated policies.

Several media outlets have reported that a number of companies and organizations have been victims of cryptojacking. In February 2018, security firm Redlock spotted that electric carmaker Tesla’s cloud was infected by cryptojacking malware.

Other cases have included code-collaboration website Github, said security company Avast in March 2018, U.K. insurer Aviva Plc and Britain’s National Health Service, according to an April 2018 article by the Financial Times. Meanwhile, the Harvard Crimson reported back in 2014 that the university’s research network was used for mining Dogecoin.

Coinhive, which made software that allowed websites to use visitor’s computers to mine anonymous cryptocurrencies, shuttered in 2019. While some users were legitimate and upfront to their visitors about using Coinhive, its software was also popular among hackers.

A dramatic decline in Monero prices prompted Coinhive’s closure. However, a July 2020 cyber threat report found that even after Coinhive ceased operations, its software was still found to be working. Meanwhile, some cryptojacking activity had shifted to other mining providers.

How to Detect Cryptojacking

Cyber security experts say that it can be difficult to detect cryptojacking because such malware operates differently from other types of malware. That’s why surreptitious mining can go undetected on an internet user’s computer, even if they have anti-virus software installed.

People can try to detect cryptojacking by paying attention to their computer’s performance. Signs of cryptojacking could include the device’s fan making noise, a spike in the computer’s Central Processing Unit (CPU), as well as overheating.

Cyberjacking has been known to be more prevalent on movie-streaming and gaming websites, where the code can mine for an hour or more uninterrupted, while the victim is unaware.

Tips to Prevent Crypto Mining Malware

1. Avoid certain websites. Browser extensions can help with avoiding websites that host the crypto mining code.
2. Monitor computer performance and look for signs of overheating. Pay attention to the behavior of the computer’s CPU.
3. Take training on how not to fall prey to phishing attempts. This step is particularly important to corporations looking to prevent employees from clicking on phishing e-mails.
4. Update devices with the latest patches that help prevent attackers from taking advantage of vulnerabilities in computer systems.
5. Frequently change computer and device credentials, making them less likely to see unauthorized access.
6. Lastly, it’s important that investors familiarize themselves with cryptocurrency rules and regulations to keep abreast on the latest trends and practices of hackers.

The Takeaway

Cryptojacking is a relatively new form of cybercrime that has exploded as more people learn what is Bitcoin. Cryptojacking involves embedding malware onto an internet user’s device and stealing computing power in order to mine new digital currencies.

It’s an example of how as more investors buy cryptocurrencies, new forms of criminal activity have also cropped up, as perpetrators gravitate toward the anonymous nature of digital currency transactions. Anyone can be a victim of cryptojacking. Those affected have included everyday individuals, government organizations and mega-corporations.

Internet users can take steps to protect themselves from cryptojacking by being wary of phishing attempts and installing anti-crypto-mining web extensions. They should also monitor for any overheating or decrease in performance by their computer.

SoFi Invest®
SoFi Invest encompasses two distinct companies, with various products and services offered to investors as described below: Individual customer accounts may be subject to the terms applicable to one or more of these platforms.
1) Automated Investing and advisory services are provided by SoFi Wealth LLC, an SEC-registered investment adviser (“SoFi Wealth“). Brokerage services are provided to SoFi Wealth LLC by SoFi Securities LLC.
2) Active Investing and brokerage services are provided by SoFi Securities LLC, Member FINRA (www.finra.org)/SIPC(www.sipc.org). Clearing and custody of all securities are provided by APEX Clearing Corporation.
For additional disclosures related to the SoFi Invest platforms described above please visit SoFi.com/legal.
Neither the Investment Advisor Representatives of SoFi Wealth, nor the Registered Representatives of SoFi Securities are compensated for the sale of any product or service sold through any SoFi Invest platform.

Crypto: Bitcoin and other cryptocurrencies aren’t endorsed or guaranteed by any government, are volatile, and involve a high degree of risk. Consumer protection and securities laws don’t regulate cryptocurrencies to the same degree as traditional brokerage and investment products. Research and knowledge are essential prerequisites before engaging with any cryptocurrency. US regulators, including FINRA , the SEC , and the CFPB , have issued public advisories concerning digital asset risk. Cryptocurrency purchases should not be made with funds drawn from financial products including student loans, personal loans, mortgage refinancing, savings, retirement funds or traditional investments. Limitations apply to trading certain crypto assets and may not be available to residents of all states.

Investment Risk: Diversification can help reduce some investment risk. It cannot guarantee profit, or fully protect in a down market.

Third-Party Brand Mentions: No brands, products, or companies mentioned are affiliated with SoFi, nor do they endorse or sponsor this article. Third-party trademarks referenced herein are property of their respective owners.


All your finances.
All in one app.

SoFi QR code, Download now, scan this with your phone’s camera

All your finances.
All in one app.

App Store rating

SoFi iOS App, Download on the App Store
SoFi Android App, Get it on Google Play

TLS 1.2 Encrypted
Equal Housing Lender