Your laptop fan suddenly roars to life, the browser crawls, and your electricity bill quietly climbs — yet you never installed anything new. Welcome to the world of cryptojacking, the stealthiest crypto crime most victims never even notice.

What Is Cryptojacking and How Does It Work?

Cryptojacking is the unauthorized use of someone else's device — a phone, laptop, server, or even a cloud instance — to mine cryptocurrency. Attackers piggyback on victims' processing power, electricity, and bandwidth, then pocket the block rewards. The victim gets the heat, the lag, and the bill.

Technically, the process is identical to legitimate mining. A script runs the same hashing algorithms (most commonly RandomX for Monero) and submits results to the network. The only difference is consent. If the code is running on your machine and you didn't approve it, it's theft — pure and simple.

Crypto mining malware has become the attacker's favorite side hustle because it is low-risk and high-volume. Unlike ransomware, there's no ransom note to alert the victim, and unlike data-stealing trojans, the stolen resource — compute cycles — is invisible until you look for it.

The Two Main Attack Vectors: Browser vs. Host

Cryptojacking scripts generally land on a device one of two ways.

1. Browser-based cryptojacking. A snippet of JavaScript is injected into a webpage, a malicious ad, or a compromised browser extension. While the tab is open, the script hijacks CPU cycles — often 60–100% of available threads. Close the tab and the mining stops, which is why most victims blame a slow browser rather than malware.

2. Host-based cryptojacking. A malicious executable installs on the operating system, runs in the background, and survives reboots. This is the more dangerous variant because it can persist undetected for months and spread across corporate networks through unpatched servers, SSH keys, or stolen credentials.

  • Drive-by downloads from compromised WordPress sites and pirated software portals
  • Malicious browser extensions disguised as ad blockers, coupon tools, or AI assistants
  • Container and cloud breaches where attackers spin up mining rigs inside an enterprise AWS or Azure account
  • Supply-chain attacks that bundle a miner with legitimate software updates

How to Detect and Prevent Cryptojacking

The good news: cryptojacking is one of the easier crypto crimes to spot if you know the warning signs.

Red flags to watch for

  • CPU usage pinned at near 100% when the system is supposedly idle
  • Fan noise and heat spikes on a laptop that isn't running heavy apps
  • Noticeable slowdown during web browsing, especially on mobile
  • Unexplained spikes in cloud or electricity bills

Open Task Manager (Windows), Activity Monitor (Mac), or top/htop on Linux and look for unknown processes with names like xmrig, minerd, or random strings. In the browser, hit Shift+Esc (Chrome) to inspect per-tab CPU usage — a single tab chewing 50%+ is a major red flag.

Defensive checklist

  • Install a reputable ad-blocker or anti-mining extension such as uBlock Origin or No Coin
  • Keep browsers, plugins, and operating systems patched — many miners exploit known CVEs in unpatched servers
  • Audit browser extensions monthly and remove anything you don't actively use
  • Enable endpoint detection and response (EDR) tools on corporate fleets
  • Monitor cloud bills and set alerts for anomalous compute consumption

Why Cryptojacking Is Booming Again

You'd think a crime from 2017 would be yesterday's news, but cryptojacking volume has quietly climbed to multi-year highs. Several factors are fueling the resurgence.

First, the rise of Monero and other privacy-focused coins has made illicit mining far more profitable — and far harder to trace — than Bitcoin. Second, the explosion of AI workloads has normalized the idea of renting huge compute pools, which gives cloud-based cryptojackers plenty of cover. Third, ransomware crews have pivoted to mining because it is "quieter money" — no negotiation, no headlines, just steady revenue.

Industrial-scale operations are now the norm. Some campaigns have hijacked tens of thousands of machines, while others have drained cloud bills worth six figures before anyone noticed. The economics are brutally simple: if an attacker can mine for free, even a small payout per machine adds up to millions across a botnet.

Key Takeaways

If your device is suddenly slow and your fans are screaming, don't assume it's age — assume someone else is using your hardware to get rich.
  • Cryptojacking is unauthorized crypto mining using a victim's device, electricity, and bandwidth.
  • It comes in two flavors: browser-based (script in a tab) and host-based (persistent malware).
  • Warning signs include high idle CPU, heat, sluggish browsing, and surprise cloud bills.
  • Defense is straightforward: patch everything, prune extensions, block scripts, and monitor compute usage.
  • Privacy coins, AI-driven cloud sprawl, and ransomware diversification are all fueling a new wave of cryptojacking in 2025 and beyond.

The next time your laptop sounds like a jet engine while you read a news article, take a closer look. The cost of a five-minute check is nothing compared to months of silently funding a stranger's crypto wallet.