Get fresh insights, pro tips, and thought starters–only the best of posts for you.
A cryptominer is software that uses a computer’s processing power to mine cryptocurrency by validating blockchain transactions and solving cryptographic calculations. Understanding what is a cryptominer helps organizations distinguish between legitimate cryptocurrency mining software and unauthorized mining activity. While organizations and individuals can intentionally use cryptominers for lawful cryptocurrency mining, attackers frequently misuse them to consume victim resources without permission.
Cryptocurrency mining requires significant computing power. Rather than paying for hardware and electricity, attackers often install cryptominers on compromised systems to generate cryptocurrency using someone else’s resources.
Attackers use cryptominers to:
These attacks often prioritize stealth so the mining software remains active for extended periods.
A cryptominer performs mathematical calculations required to validate blockchain transactions. It continuously uses available CPU or GPU resources to solve cryptographic problems and earn cryptocurrency rewards.
A typical process includes:
The software itself performs cryptocurrency mining regardless of whether it operates legitimately or maliciously.
Organizations may encounter cryptominers in both legitimate and unauthorized environments.
| Environment | Common purpose |
|---|---|
| Personal computers | Individual cryptocurrency mining |
| Enterprise endpoints | Unauthorized resource consumption |
| Cloud workloads | Large-scale cryptocurrency mining |
| Dedicated mining systems | Legitimate mining operations |
| Compromised servers | Attacker-controlled mining activity |
Security teams should distinguish between approved mining activity and unauthorized software.
Unauthorized mining software primarily affects system availability and operational efficiency rather than encrypting or stealing data. Common risks include:
These impacts can affect both on-premises and cloud environments.
Unauthorized cryptominers often reveal themselves through unusual resource consumption and persistent background activity. Security teams need visibility into managed endpoints to identify suspicious processes and investigate abnormal system behavior.
Hexnode XDR can support these investigations through:
These capabilities help analysts investigate unauthorized mining activity across enterprise endpoints.
No. A cryptominer is legitimate when the owner intentionally installs and operates it. It becomes malicious when attackers install or run it without authorization.
A cryptominer is the mining software itself. Cryptojacking malware secretly installs or runs a cryptominer on a victim’s system without permission.
Yes. Attackers often target cloud workloads because they provide substantial computing resources that can generate cryptocurrency at the victim’s expense.