What is Cryptojacking?

Cybercrime is a business, and cybercriminals are constantly looking for ways to monetize their attacks. Along with ransomware, cryptojacking is a common method for cybercriminals to turn their access to an organization’s systems into profit. Cryptojacking malware uses an organization’s computational resources to earn rewards in cryptocurrency for the attacker on a blockchain platform.

Free Demo Download Buyer's Guide

What is Cryptojacking?

How a Cryptojacking Attack Works

Cryptojacking attacks are designed to take advantage of the Proof of Work consensus algorithm used by many blockchains and cryptocurrencies. Proof of Work is designed to decentralize the process of creating blocks to update the blockchain’s distributed ledger. By randomly selecting block creators, the blockchain limits the ability of an attacker to exert too much control over the ledger and rewrite the blockchain’s history.


In Proof of Work, the block creator is selected by having miners search for a valid block header, where validity is defined as having a hash value less than a set threshold. The only way to find such a block is by testing potential headers. As a result, the miner with the most computational power at their disposal has the highest probability of finding a valid block and claiming the associated reward.


Cryptojacking malware enables an attacker to steal other peoples’ computational power for use in their attacks. The malware runs on the infected machine and performs the guess-and-check operations needed to find a valid hash for a block header. By increasing the attacker’s access to computing resources, cryptojacking malware increases the chance of earning block rewards, turning a profit for the attacker at the expense of the owner of the compromised computer.


Cryptojacking malware can come in a few different forms. Some infect a device and run as a standalone process. Other variants may be implemented as a script that runs in the user’s browser when they visit a malicious or compromised webpage. This malware is commonly designed to mine Monero, a privacy-focused cryptocurrency designed to be mined on general-purpose computers (instead of specialized hardware).

The Modern Cryptojacking Attack

Cryptojacking first emerged as a major cybersecurity threat in 2018. At the time, it was one of the most common types of malware as cybercriminals exploited the rise in the value of cryptocurrency. After the value of many cryptocurrencies crashed in 2019, cryptojacking attacks largely fell off until recently.


In 2021, surging cryptocurrency prices have created new interest in cryptojacking attacks. While the original in-browser cryptojacking script, Coinhive, is no longer in operation, multiple copycat scripts are still active. Additionally, cryptojacking malware targets Internet of Things (IoT) devices, mobile phones, computers, and routers.


The modern cryptojacking attack does not focus solely on mining cryptocurrency. Instead, cybercriminals leverage their access to accomplish multiple goals, such as combining cryptojacking and data theft. These combined attacks provide cybercriminals with multiple methods to monetize their exploits.

Best Practices for Detecting and Preventing Cryptojacking Attacks

Cryptojacking attacks are a growing threat that wastes an organization’s resources and endangers its cybersecurity. Some best practices for protecting against cryptojacking attacks and improving endpoint security include:


  • Apply Updates and Patches: Cryptojacking malware commonly spreads by exploiting unpatched vulnerabilities, especially in IoT devices. Applying necessary updates and patches promptly can help to protect an organization’s devices against infections by cryptojacking malware.
  • Implement Virtual Patching: Deploying patches to many devices can be time-consuming, which leaves a window for attackers to exploit unpatched systems. Using the virtual patching of an intrusion prevention system (IPS), an organization can block attempted exploitation of unpatched vulnerabilities within its environment.
  • Deploy Zero-Day Protection: Patches and updates only work for vulnerabilities that are known and have patches available. Deploying protection for zero-day attacks can enable an organization to identify and block attempted exploitation of unknown vulnerabilities.
  • Integrate Strong Authentication: Account takeover attacks leveraging compromised credentials are a common attack vector for cryptojackers and malware in general. By enforcing a strong password policy and implementing multi-factor authentication (MFA), an organization can make it more difficult for an attacker to gain access to its environment and deploy cryptojacking malware.
  • Secure Cloud-Based Resources: Cloud-based deployments are a prime target for cryptojacking malware due to their easy access to a massive amount of computational resources. Deploying cloud-specific security solutions is essential for defending an organization’s cloud deployments against cryptojacking and other attacks.
  • Use Anti-Bot Protection: Cryptojacking attacks rely heavily on automation to deploy the malware and perform command and control between the controller and the infected bots. An anti-bot solution can help to detect and block these automated communications, making it harder to infect a system with cryptojacking malware or for existing malware to do its job.


Protecting against cryptojacking attacks requires advanced threat protection across all attack vectors and an organization’s entire IT ecosystem. Check Point Harmony Endpoint offers AI-driven prevention of known and zero-day threats and behavioral analytics to identify attempted exploits. To learn more about Harmony Suite’s capabilities, request a demo. You’re also welcome to sign up for a free trial to try out Harmony Suite for yourself.

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.