Get fresh insights, pro tips, and thought starters–only the best of posts for you.
Cryptojacking is a cyberattack in which attackers secretly use a victim’s computing resources to mine cryptocurrency without the owner’s knowledge or consent. Understanding what is cryptojacking helps organizations recognize how attackers abuse compromised endpoints, servers, browsers, and cloud workloads to generate cryptocurrency while consuming CPU, memory, and power resources. Unlike ransomware, cryptojacking focuses on quietly exploiting computing capacity rather than disrupting access to systems or data.
Cryptojacking can affect system performance, increase infrastructure costs, and reduce the availability of business-critical resources. Because the malware often operates quietly, organizations may not detect it immediately.
Attackers use this to:
These attacks can impact organizations of any size that operate internet-connected systems.
Attackers typically install mining software after compromising a device or exploiting a vulnerable application. The malware runs in the background and consumes available computing resources to perform cryptocurrency mining.
A typical attack flow includes:
The attack often continues until security teams identify and remove the malware.
Although cryptojacking often avoids obvious disruption, affected systems usually display unusual resource consumption.
| Indicator | Security impact |
|---|---|
| High CPU usage | Reduce application performance |
| Increased power consumption | Raise operational costs |
| Slow system performance | Affect user productivity |
| Unusual background processes | Indicate unauthorized activity |
| Persistent resource utilization | Suggest continuous mining activity |
These indicators help security teams identify systems that may require investigation.
Organizations should combine preventive controls with continuous monitoring to detect unauthorized cryptocurrency mining activity. Common security practices include:
These measures help reduce the likelihood of successful cryptojacking attacks.
Unexpected CPU spikes, persistent background processes, or unusual endpoint behavior may indicate cryptojacking or other malware activity. Security teams need endpoint visibility to determine whether legitimate workloads or malicious software consume system resources.
Hexnode XDR can support these investigations through:
These capabilities help analysts investigate abnormal endpoint activity and identify potential cryptojacking infections.
No. Cryptojacking secretly uses computing resources to mine cryptocurrency, while ransomware encrypts data and demands payment for recovery.
Yes. Attackers frequently target cloud workloads because they provide significant computing resources for cryptocurrency mining.
Not always. Some attacks use browser-based scripts, while others deploy persistent malware that runs directly on compromised systems.