Cryptojacking and Malicious Cryptominers

Reading time icon

3 min read

Reading time icon

3 min read

Malicious cryptominers belong to the category of malicious code designed to hijack idle processing power of a victim’s device and use it to mine cryptocurrency. Victims are not asked to consent to such activity and even may be unaware that it is happening in the background.

What are malicious cryptominers?

Formerly, most malicious crypto-mining code tried to download and run an executable on the targeted devices.

However, a different form of crypto-mining malware has recently become very popular – in-browser mining that uses simple JavaScript. This method - also dubbed cryptojacking - enables the same malicious activity to be executed directly in a victim’s browser, without installing any software.

Read more

Nowadays, most cryptomining scripts and executables mine Monero. This cryptocurrency has many advantages over the better-known bitcoin: it offers anonymous transactions and can be mined with regular CPUs and GPUs instead of expensive, specialized hardware.

Cryptomining and cryptojacking cyberattacks have been detected on all popular desktop platforms, as well as on Android devices. Most of them are classified as potentially unwanted applications (PUA); however, some of the detected attacks fall into the more dangerous Trojan category.

Malicious cryptominers image
Spread the word and share online

How to recognize a cryptomining attack?

Cryptomining and cryptojacking are associated with extremely high processor activity that has noticeable side-effects. Victims often report visibly reduced performance of their device, its overheating as well as increased fan activity (and thus noticeable noise).

On Android devices, the computational load can even lead to “bloating” of the battery and thus to physical damage to, or destruction of, the device.

Similar problems may be caused by a variety of issues in hardware or software; however in the case of cryptojacking, they become apparent after the victim accesses a specific website - probably one that incorporates the cryptomining JavaScript code.

How can you protect yourself from malicious cryptominers?

Use a reliable and multilayered security solution to block unwanted cryptomining and cryptojacking activity. If you notice that accessing a specific website dramatically increases the use of your CPU, close the browser.

In some cases, a reboot may be necessary in order to close the hidden browser windows, which continue with the mining in the background. After the restart, don’t allow your browser to autoload the previous session, as this might re-open the cryptojacking tab.

History of malicious cryptominers image

Brief history

Malicious cryptominers became prevalent in 2017, mostly due to the increase in value of various cryptocurrencies. Older variants of such malicious code were typically intended to infiltrate the victim’s device and install the mining software. In September 2017, a new cryptocurrency mining service was made available, named Coinhive. Unlike with other cryptomining services, Coinhive’s customers only needed to place a few lines of JavaScript into their web pages so as to enlist their visitors’ CPU power to mine cryptocurrency directly in-browser.

Read more

This revenue model has become very popular among cybercriminals, who started “infecting” websites around the world with Coinhive’s code, misusing these sites for their financial gain without the consent of their owners or visitors. Cybercrooks have also started creating copycat cryptomining services of their own, offering similar code, but with outright malicious intentions.

ESET protects you against malicious cryptominers

ESET Smart Security Premium


ESET Smart Security Premium

Built without compromise for users who want it all.
Secures Windows, macOS and Android devices.


Ultimate digital security for business

Protect your company endpoints, business data and users with ESET's
multilayered technology.

Ultimate digital security for business

Protect your company endpoints, business data and users with ESET's multilayered technology.

Want to know more?

Follow us for all the latest tips and news

Follow us for all the latest tips and news

ESET Smart Security Premium box


ESET Smart Security Premium


ESET Internet Security


ESET NOD32 Antivirus

Small and Home  office protection

Easy-to-use device security with advanced privacy features

ESET Mobile Security for Android

Keep your Android device safe. Wherever you go

ESET Parental Control for Android

Protect your children online with confidence

ESET Smart TV Security box

ESET Smart TV Security

Internet of Things security starts with your TV

Renew my license

Renew, upgrade or add devices to your license


Manage your license, update date and more


Install your protection or try ESET free for 30 days


Install your business protection or request a free trail


Superior technology

Learn more about our unified cybersecurity platform

Industry recognition

ESET cybersecurity solutions are recognized and industry-wide.

Corporate blog

Cybersecurity news from ESET's award-winning researches.

Customer zone


Manage your license, update billing information and more

Live chat

Need help purchasing, renewing a license or have product questions?

Business sales

for business customers

For business sales call: