Imagine your laptop fans spinning at full throttle, your electricity bill quietly doubling, and your once-snappy browser now crawling — all while you do nothing different. Welcome to the world of cryptojacking, the stealthy cybercrime that weaponizes your hardware to mine cryptocurrency for someone else. It's faster, easier, and far more profitable for attackers than trying to pry open a crypto exchange. And the worst part? Most victims never know it's happening.

What Is Cryptojacking, Exactly?

Cryptojacking is the unauthorized use of a victim's computing power to mine cryptocurrency. Unlike ransomware or outright wallet theft, there's no file lock or drained balance screaming for attention. Instead, malware or malicious scripts quietly run in the background, siphoning CPU and GPU cycles to solve the cryptographic puzzles that generate new coins — most often Monero, which is favored for its privacy features and CPU-friendly mining algorithm.

The term itself is a portmanteau of "crypto" and "hijacking," and it first entered mainstream awareness around 2017, when a wave of browser-based mining scripts (notably Coinhive) started appearing on torrent sites, streaming platforms, and even legitimate blogs. Coinhive eventually shut down, but the technique it popularized has only evolved, mutating into more sophisticated strains that target servers, cloud workloads, smartphones, and even industrial control systems.

Cryptojacking doesn't steal your coins. It steals your electricity, your performance, and your hardware lifespan — one hash at a time.

How Cryptojacking Actually Works

There are two main delivery methods, and understanding them is the first step toward defending against them.

1. Browser-Based Cryptojacking

This is the drive-by version. A malicious JavaScript snippet gets injected into a webpage, often through a compromised ad network, a WordPress plugin vulnerability, or a rogue browser extension. The moment you load the page, your CPU starts crunching hashes. Close the tab, and in most cases the mining stops. Sounds harmless — until you remember how many tabs you keep open for hours at a stretch.

2. Host-Based Cryptojacking

This is the nastier cousin. Attackers use phishing emails, trojanized software cracks, or unpatched vulnerabilities to install a persistent mining payload directly on your device or server. Once inside, the miner runs silently as a background service, survives reboots, and often includes code to disable or evade antivirus tools. Cloud servers are a particularly juicy target because they ship with massive, always-on compute power and a billing account attached.

Both routes typically funnel the mined coins to the attacker's wallet, with a small developer fee skimmed off by the mining software provider. It's a low-friction, high-margin business model — exactly the kind of thing cybercriminals love.

Warning Signs You've Been Cryptojacked

Cryptojacking is designed to stay hidden, but it can't completely mask its physical footprint. Watch for these red flags:

  • Surging CPU usage when your device should be idle
  • Overheating and loud fans on laptops, phones, or desktops
  • Noticeably slower performance across everyday tasks and games
  • Spiking electricity bills without any change in your usage habits
  • Battery drain on mobile devices that suddenly gets much worse
  • Unknown processes in Task Manager with names like xmrig, minerd, or random hex strings

On a corporate network, the symptoms often show up as sluggish servers, inflated cloud bills, or unusual outbound traffic to known mining pool domains — a particularly painful surprise for teams running Kubernetes clusters, render farms, or large-scale web operations.

How to Defend Yourself (and Your Hardware)

You don't need enterprise-grade tooling to dramatically reduce your risk. A few layered habits go a long way.

  • Keep software updated. Most cryptojacking malware rides in on known exploits. Patching your OS, browser, and plugins slams the door shut.
  • Use a reputable ad blocker and anti-mining extensions. Tools like uBlock Origin can block known mining scripts at the network level before they ever touch your CPU.
  • Disable JavaScript on untrusted sites or use a separate browser profile dedicated to high-risk browsing.
  • Monitor Task Manager or Activity Monitor regularly — if something is hogging 90% of your CPU when you aren't doing anything, investigate.
  • Audit browser extensions and remove anything you don't recognize, no longer use, or installed on a whim.
  • For businesses, deploy endpoint detection and response (EDR) and watch for outbound connections to known mining pool domains.

For cloud workloads specifically, enable detailed billing alerts and consider tools that flag anomalous compute consumption. A cryptojacked AWS or Azure instance can rack up thousands of dollars in charges before anyone notices — turning a stealthy attack into a very public budget crisis.

Key Takeaways

Cryptojacking may not grab headlines the way ransomware or exchange hacks do, but it's a persistent, profitable, and growing threat. Attackers don't need to be brilliant — they just need one victim who clicks the wrong link or skips one too many updates. The crime is quiet, but the cost is loud: higher power bills, degraded hardware, and a slow drain on performance that compounds over weeks and months.

Stay patched, stay skeptical of random browser extensions, and keep an eye on what your CPU is actually doing when you aren't. In the world of cryptojacking, awareness is the most powerful anti-malware you can install.