Cryptojacking is defined as the secret use of your computing device to mine cryptocurrency.
Cryptojacking used to be confined to the victim unknowingly installing a program that secretly mines cryptocurrency.
Here’s the bad news…
In-browser cryptojacking doesn’t need a program to be installed.
I found this out when Jascha, a Hacker Bits subscriber, emailed us about an article in Issue 22 that was doing in-browser cryptojacking.
Below, you’ll find out more about in-browser cryptojacking and how to protect yourself.
How does in-browser cryptojacking work?
If you think it’s nothing, think again…
You load the page, and the in-browser mining code just runs. No need to install, and no need to opt-in.
Currently (Nov 2017), in-browser mining is available for the Monero cryptocurrency.
Monero is a privacy-focused cryptocurrency started in 2014. It is one of the few cryptocurrencies that supports in-browser mining.
Will you notice if a web page is cryptojacking?
If the mining is being throttled to stay below a certain threshold, you may not notice any performance degradation.
If the mining is not being throttled, you will likely notice some impact on performance.
After Jascha’s email, I navigated to the article and noticed my laptop fan whirring loudly.
My laptop fan starts whirring whenever the CPU usage jumps up from my normal CPU usage, so I was definitely suspicious.
What devices are affected?
Is it dangerous?
Once again, it depends.
If you’re on a desktop or laptop with lots of processor speed and memory, you might not even notice in-browser cryptojacking.
On the other hand, cryptojacking on a mobile device like a phone or tablet could be a significant drain on your battery.
How do you protect yourself?
The simplest way to protect yourself is to install a browser extension that blocks a list of domains associated with cryptojacking code.
Maybe one day the capability to block cryptojacking will be built into the browser.
If this interests you, make sure to checkout this thread from the folks at Chromium: 766068 – Please consider intervention for high cpu usage js.