How does cryptojacking get onto my device?

Cryptojacking typically occurs through malicious links in phishing emails, infected websites that run mining scripts in your browser, or malware downloaded alongside legitimate-looking software. Once active, it runs silently in the background without your awareness.

How can I tell if my device has been cryptojacked?

Common signs include a sudden and unexplained slowdown in device performance, your CPU running at unusually high levels, overheating, or a noticeable spike in your electricity bill. You can check your device's task manager or activity monitor to spot processes consuming excessive resources.

Does a VPN protect me from cryptojacking?

A VPN can help by encrypting your internet traffic and blocking access to known malicious domains that host cryptojacking scripts, but it is not a complete solution on its own. Combining a VPN with antivirus software and an ad blocker provides stronger protection against cryptojacking threats.

Is cryptojacking illegal?

Yes, cryptojacking is illegal in most countries because it involves unauthorized access to and use of someone else's computing resources without their consent. Perpetrators can face criminal charges related to computer fraud, unauthorized access, and theft of resources.

Cryptojacking

Cryptojacking: When Your Device Becomes Someone Else's Crypto Mine

Your computer feels sluggish. Your fan is running at full speed. Your electricity bill is creeping up. You haven't changed anything, but something is clearly wrong. There's a reasonable chance you've been cryptojacked.

What Is Cryptojacking?

Cryptojacking is the unauthorized use of someone else's computing resources to mine cryptocurrency. Mining crypto — particularly coins like Monero — requires enormous amounts of processing power to solve complex mathematical equations. Attackers have figured out that instead of paying for that power themselves, they can quietly steal it from thousands of victims and pocket the profits.

Unlike ransomware or data theft, cryptojacking is designed to go unnoticed. The goal isn't to destroy your files or steal your passwords — it's to quietly drain your CPU and GPU for as long as possible without triggering any alarms.

How Does Cryptojacking Work?

There are two main delivery methods:

1. Malware-based cryptojacking

You download an infected file, click a malicious link, or visit a compromised website that installs a mining script directly onto your device. This software runs in the background, consuming processing power continuously — even when you think your computer is idle.

2. Browser-based cryptojacking (drive-by mining)

This method doesn't require any download at all. A malicious or compromised website embeds a JavaScript mining script that runs in your browser tab. The moment you land on the page, your CPU starts working for the attacker. Close the tab, and it stops — but some scripts are clever enough to spawn hidden pop-under windows that persist after you think you've left the site.

Monero (XMR) is the cryptocurrency of choice for most cryptojackers. It's privacy-focused, untraceable, and can be mined efficiently with consumer-grade hardware — making it the perfect currency for a covert operation.

Why Should VPN Users Care?

At first glance, cryptojacking might seem like a problem a VPN can't solve. And in some ways, that's true — a VPN won't stop a mining script that's already running on your machine. But the connection matters more than you'd think.

Unsecured public Wi-Fi is a prime attack vector. Attackers on the same network can intercept your traffic or redirect you to malicious pages through man-in-the-middle attacks. A VPN encrypts your connection, making it much harder for anyone on that network to manipulate what you see or download.

Your IP address reveals more than you think. Attackers often target users by region, device type, or browsing behavior — information tied to your IP. A VPN masks your real IP, reducing your exposure to targeted attacks.

VPN providers with built-in threat protection can actively block known cryptomining domains and malicious scripts before they even reach your browser — acting as a first line of defense beyond simple encryption.

That said, a VPN is not a complete solution on its own. You still need a reputable antivirus tool, a browser extension that blocks mining scripts (like uBlock Origin), and the habit of keeping your software updated.

Real-World Examples

In 2018, the official Los Angeles Times website was found running a hidden Monero miner in its code after attackers compromised a misconfigured cloud storage bucket.
Tesla's cloud infrastructure was hijacked by cryptominers in 2018 after attackers gained access through an unsecured Kubernetes console.
Thousands of government websites across the US and UK were simultaneously hit by a compromised third-party accessibility plugin that injected mining scripts into every page using it.

These aren't fringe incidents. Cryptojacking campaigns have targeted hospitals, universities, enterprise networks, and everyday home users alike.

How to Protect Yourself

Monitor your CPU usage — spikes for no apparent reason are a red flag
Use a browser with built-in script blocking or install an extension like uBlock Origin
Keep your operating system and browser fully updated
Use a VPN with malware/ad-blocking capabilities
Run regular antivirus and anti-malware scans
Be cautious about what you download, even from trusted-looking sources

Cryptojacking is a low-risk, high-reward attack for criminals. Understanding how it works is the first step to making sure your machine is working for you — not for them.

CryptojackingIntermediate