Cryptojacking: When the computer is turned into a mine

The cryptocurrency Bitcoin has experienced a tremendous boom in recent weeks: Within four weeks, its value doubled from 20,000 to almost 42,000 dollars - only to fall by 8,000 dollars in one day. But it is not only the volatility of this digital currency that is worrying: in many ransomware attacks, the hackers demand their ransom in Bitcoins. Cybercriminals are also increasingly tapping into private computers and company networks to mine cryptocurrencies - without the owner of the computer noticing.

How cryptojacking works and how you can protect yourself from it:


It was just ten years ago that programmer Laszlo Hanyecz paid 10,000 Bitcoins for two pizzas he ordered, making the first documented transaction of a cryptocurrency for a real economic good. At the time, the value of these Bitcoins was still around 41 dollars. On the day of the last peak in early January 2021, the pizza coins were worth almost 420 million dollars.

No wonder that mining new cryptocurrency is very attractive at the moment. However, mining legally has not been worth it for a long time due to the enormous computing power required and the horrendous electricity costs. Miners are therefore desperately looking for other resources - and are not afraid to use illegal, criminal methods. Security experts are already talking about a whole "industry" of its own, bitcrime. Researchers at the University of Sydney have already estimated in 2018 that just under 80 billion US dollars of Bitcoins are being turned over in criminal activities. And IT analysts from "Cybersecurity Ventures" expect that by 2021 around 70 percent of all crypto coins will be generated by criminal business.

Hijacking computers, secretly mining

Accordingly, the number of attempts at cryptojacking is also increasing. Because at some point, miners realised that not even high-end PCs with a powerful processor were enough to make a profit from mining and cover the associated costs. So miners started building huge computer farms to mine for cryptocurrencies on a commercial scale. Since even this was not profitable in the face of horrendous electricity costs, the idea of cryptojacking emerged, i.e. using devices (computers, smartphones, tablets or even servers) without the consent or knowledge of the users to secretly mine cryptocurrency at the expense of the victim.

Basically, two types of cryptojacking attacks are known: browser-based or through infection with malware. Browser-based attacks are comparatively harmless. More dangerous are cryptojacking attacks in which malware is downloaded after a phishing attack. Once the computer is infected, the cryptojacker works around the clock to mine cryptocurrency, hiding in the background. To do this, the criminals use security holes in applications such as the web servers Apache, iis, ngix, php, in content management systems or databases that are directly accessible from the internet. In this way, they can plant the mining script on web servers, routers or in content management systems, for example, so that it is redistributed to all websites that flow through these systems. The goal is to create a huge botnet of devices and use their CPU cycles for cryptomining - at minimal cost to the attacker.

Three different types of cryptojacking

Temporary cryptojacking

Mining only runs for a certain period of time, whenever you are on a certain website or use a certain app that uses your system for cryptojacking. Often these scripts used for "mining" come with pop-up or banner ads.

Drive-by cryptojacking

Here, a small pop-up window remains unnoticed even when leaving a corresponding website. The mining process only ends when the website is restarted.

Continuous cryptojacking

This procedure runs via malware that enters the computer system. It is usually hidden in email attachments or JavaScript ads.

How can you prevent cryptomining?

- Pay particular attention to so-called phishing mails. Do not open, do not click anything!

- Block the JavaScript in your browser to prevent drive-by cryptojacking.

- Use browser extensions to take action against cryptomining. Examples: AdBlock, No Coin or even MinerBlock.

The typical signs:

- High processor load

- A computer that works and reacts slowly due to this load

- Computer ventilation running at full speed

- Strong heating and rapid battery discharge on smartphones

What can I do to improve my security?

Most measures to reduce your cyber risk also protect against cryptojacking. Particularly important aspects include:

- Employee sensitisation (handling emails, pointing out possible signs of cryptojacking).

- Securing internet browsers

- Considered allocation of admin rights

- Securing and monitoring the server

- Observation and documentation of everyday, normal computer use in order to be able to recognise deviations if necessary.

Digital parasites drive up electricity costs

Some cybersecurity experts point out that cryptojacking scripts, unlike most other types of malware, do not harm victims' computers or data. The only annoyance, they say, is slower computer performance. But large organisations that have been hit by many cryptojacking systems still incur significant power and IT labour costs. In addition, reduced computer performance could mean that certain business processes no longer run fast and smoothly enough. There is definitely cause for concern (and for checking whether one is affected). After all, those who are vulnerable to mining malware are also at risk from other malware.

Also read our glossary article on the topic of "cryptojacking" here:



Any questions?
We are here for you.

Arrange a free consultation with our IT security experts. We look forward to meeting you.

+49 030/95 999 80 80 (Mon - Fri 09:00am - 6:00pm)