Unauthorised cryptomining

The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

What is unauthorised cryptocurrency mining?

Cryptocurrency mining (cryptomining) software uses a system's processing power to solve complex mathematical problems, in return for a type of digital currency.

Unauthorised cryptocurrency mining (also known as cryptojacking) occurs when a website or software on your computer performs this cryptocurrency mining without your authorisation. It is now the most popular cyber attack method.

Cryptocurrency mining does not take any money from your accounts. You may temporarily experience minor performance loss and reduced battery power. If you suddenly notice a spike in CPU usage for no apparent reason when browsing the web, it might be a good idea to check if the website is mining cryptocurrency without telling you.

How do I recover from unauthorised cryptocurrency mining?

If you have experienced unusually slow performance from your computer, reduced battery life, or visited affected websites, we recommend:

Unauthorised cryptocurrency mining could also be done by malware. Visit our malware page for information on how to recover from malware.

For website administrators

Make a risk-based decision on including third-party JavaScript in your site. This will vary depending on the size of the website you manage and who is supplying the code. Consider whether the code you are including could compromise your users, and balance this against the risk of this happening for your site.

If practical, consider hosting the JavaScript locally on your own server rather than linking to code hosted elsewhere. This means that changing the library requires access to your server, although you will then need to install security patches for the library yourself.

In certain cases, some technical measures can also help prevent inclusion of compromised third-party resources:

  • SRI (Subresource Integrity) allows the browser to check a cryptographic hash of the script to ensure that your users are running the unaltered version. However, SRI will only work if the script is relatively static. If it changes regularly, the hash will no longer match and the script will not be loaded by users. Also, browser support for SRI is not universal.

  • CSP (Content Security Policy) allows you to whitelist locations where scripts can be loaded from. Several independent researchers have written that having a well-defined CSP in place would have blocked this type of attack.

We recommend putting the above mitigating measures in place where practical, and while we recognise these will not necessarily protect end-users in all cases, they will reduce the chances of them experiencing unauthorised cryptomining.

How do I prevent unauthorised cryptocurrency mining?

There are simple tools online that monitor for browser-based mining activity. They first identify the culprit and then block activities in your browser.

To prevent malware-based unauthorised cryptocurrency mining, follow the prevention tips on our malware page.
