Hidden Mining


Covert mining malware is a category of malicious code designed to use the processing power of a user’s device to mine cryptocurrency. In this case, victims do not consent or even suspect such activity.

What is hidden mining?

Previously, cryptocurrency mining malware tried to download and run an executable file on certain devices. However, another form of malware known as cryptojacking – cryptocurrency mining in the browser using simple JavaScript – has recently become very popular. This method allows malicious activity to be performed directly in the victim’s browser without installing software.

How do I detect hidden mining?

Cryptomining and cryptojacking require extremely high CPU activity. In particular, victims often report a noticeable decrease in device performance, overheating, and increased activity (and thus noticeable noise).

On Android devices, the computational load can even lead to “bloating” of the battery and thus physical damage to the gadget.

In the case of cryptojacking, problems become evident after the user opens a website with malicious JavaScript code.

How do I protect myself from malware viruses?

How protect myself from malware viruses

If you notice that accessing a certain website drastically increases your CPU usage, close the browser.

In some cases, you may need to reboot to close hidden browser windows that continue to run in the background. After a restart, do not let the web browser automatically start the previous session, as this may reopen the crypto-jacking tab.

A brief history

Hidden mining became widespread in 2017 due to the increase in the price of various cryptocurrencies. Older variants of such malware are usually designed to infiltrate the victim’s device and install a miner virus. In September 2017, a new mining service, Coinhive, was created.

Unlike other similar services, Coinhive customers only had to place a few lines of JavaScript on their web pages to use their visitors’ CPU power to mine cryptocurrency covertly directly in the browser.