What is Cryptojacking, and How Can You Protect Yourself?

What is Cryptojacking, and How Can You Protect Yourself?
What is Cryptojacking, and How Can You Protect Yourself?

Cryptojacking is the hot new way for criminals to make money using your hardware. A website you have open in your browser can max out your CPU to mine cryptocurrency, and cryptojacking malware is becoming increasingly common.

What is Cryptojacking?

Cryptojacking is an attack where the attacker runs cryptocurrency-mining software on your hardware without your permission. The attacker keeps the cryptocurrency and sells it for a profit, and you get stuck with high CPU usage and a hefty electricity bill.

Cryptojacking is an attack where the attacker runs cryptocurrency-mining software on your hardware without your permission. The attacker keeps the cryptocurrency and sells it for a profit, and you get stuck with high CPU usage and a hefty electricity bill.

While Bitcoin is the most widely known cryptocurrency, cryptojacking attacks usually involve mining other cryptocurrencies. Monero is particularly common, as it’s designed so people can mine it on average PCs. Monero also has anonymity features, which means it’s difficult to track where the attacker ultimately sends the Monero they mine on their victims’ hardware. Monero is an “altcoin,” which means a non-Bitcoin cryptocurrency.

Which Devices Can Be Cryptojacked?

Any device that runs software can be commandeered for cryptocurrency mining. The attacker just has to make it run mining software.

“Drive-by” cryptojacking attacks can be performed against any device with a browser—a Windows PC, Mac, Linux system, Chromebook, Android phone, iPhone, or iPad. As long as you have a web page with an embedded mining script open in your browser, the attacker can use your CPU to mine for currency. They’ll lose that access as soon as you close the browser tab or navigate away from the page.

There’s also cryptojacking malware, which works just like any other malware. If an attacker can take advantage of a security hole or trick you into installing their malware, they can run a mining script as a background process on your computer—whether it’s a Windows PC, Mac, or Linux system. Attackers have tried to sneak cryptocurrency miners into mobile apps, too—especially Android apps.

In theory, it would even be possible for an attacker to attack a smarthome device with security holes and install cryptocurrency mining software, forcing the device to spend its limited computing power on mining cryptocurrency.

How to Protect Yourself from Cryptojacking in the Browser

We recommend running security software that automatically blocks cryptocurrency miners in your browser. For example, Malwarebytes automatically blocks CoinHive and other cryptocurrency mining scripts, preventing them from running inside your browser. The built-in Windows Defender antivirus on Windows 10 doesn’t block all in-browser miners. Check with your security software company to see if they block mining scripts.

While security software should protect you, you can also install a browser extension that provides a “blacklist” of mining scripts.

On an iPhone, iPad, or Android device, web pages that use cryptocurrency miners should stop mining as soon as you navigate away from your browser app or change tabs. The operating system won’t let them use a lot of CPU in the background.

On a Windows PC, Mac, Linux system, or Chromebook, just having the tabs open in the background will allow a website to use as much CPU as it wants. However, if you have software that blocks those mining scripts, you shouldn’t have to worry.

Add Comment

10 + 8 =