Right now, as you read this, your PC might be making someone else money. Cryptojacking - the unauthorized use of your computer to mine cryptocurrency - has become one of the fastest-growing cyber threats of the decade. Unlike traditional malware that steals your data, cryptojacking hijacks your hardware, running up your electricity bill while degrading your system's performance.
The scary part? Most victims never realize they're infected. In this guide, we'll show you exactly how to detect if your PC is being used as someone else's money machine, and how to stop it.
What Is Cryptojacking?
Cryptojacking is a form of malware that uses your computer's processing power to mine cryptocurrency - typically Monero (XMR) because of its CPU-friendly mining algorithm and privacy features that make transactions untraceable.
There are two main types:
- Browser-based cryptojacking: Malicious JavaScript runs while you visit a compromised website. Close the tab, and mining stops.
- File-based cryptojacking: Malware installs on your system and runs continuously in the background, even after restart. This is far more dangerous and persistent.
A single infected PC mining 24/7 can add $50-150 to your annual electricity bill while causing $200-500 in hardware degradation from constant high-temperature operation.
7 Warning Signs Your PC May Be Mining Crypto
1. Consistently High CPU Usage
The most obvious sign. If your CPU is running at 80-100% when you're doing nothing intensive, something's wrong. Open Task Manager (Ctrl+Shift+Esc) and check - if you can't identify what's using all that power, you might be infected.
2. Fans Running Constantly at High Speed
Crypto mining generates significant heat. If your fans sound like a jet engine even when you're just browsing the web or your laptop feels unusually hot, malware might be working your hardware overtime.
3. Sluggish System Performance
Everything feels slow - applications take forever to open, videos stutter, and even simple tasks lag. The miner is consuming resources that should be yours.
4. Unexplained Increase in Electricity Bills
A PC mining crypto 24/7 can draw 200-400W extra. Over a month, that adds up. If your electricity bill has spiked without explanation, your PC might be the culprit.
5. Task Manager Shows Suspicious Processes
Look for processes with random names, high CPU usage, or ones that immediately restart when you try to close them. Common cryptominer names include variations of:
- xmrig.exe (legitimate when intentional, malicious when hidden)
- Random strings like "svchost32.exe" or "windowsupdate.exe"
- Processes with names mimicking system files
6. Browser Slowdowns on Specific Sites
If your browser becomes sluggish only on certain websites, those sites might be running browser-based miners. Check if the slowdown disappears when you close the tab.
7. Disabled Security Software
Some cryptominers actively disable Windows Defender and other security tools to avoid detection. If your antivirus keeps turning off unexpectedly, investigate immediately.
How to Detect Cryptojacking Malware
Method 1: Task Manager Deep Dive
- Press Ctrl + Shift + Esc to open Task Manager
- Click "More details" if in simple view
- Sort by CPU usage (click the CPU column header)
- Look for unfamiliar processes using high CPU
- Right-click suspicious processes → "Open file location"
- If the file is in a temp folder or has a random name, it's likely malware
Use STX.1's real-time monitoring to track CPU usage over time. Cryptominers often activate when the PC is idle, so a monitoring tool that logs historical data can catch what Task Manager misses.
Method 2: Resource Monitor Analysis
- Press Windows + R, type resmon, press Enter
- Go to the CPU tab
- Expand "Associated Handles" and "Associated Modules"
- Look for processes making network connections while consuming CPU
- Legitimate mining requires network access to submit work
Method 3: Network Traffic Inspection
Cryptominers must communicate with mining pools. Look for:
- Connections to known mining pools (check the destination IP/domain)
- Consistent outbound traffic on ports like 3333, 4444, 8333, or 14444
- Traffic spikes that coincide with high CPU usage
Method 4: PowerShell Detection Script
Run this in PowerShell (as Administrator) to find processes with suspicious characteristics:
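```powershell
# CPU is cumulative processor time in seconds since the process started, not a percentage.
# This lists processes that have consumed more than 50 CPU-seconds, highest first.
Get-Process | Where-Object { $_.CPU -gt 50 } |
    Select-Object Name, CPU, Path |
    Sort-Object CPU -Descending
```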
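The script below is an added example, not code from the original article. It measures each process's CPU share over a 10-second window, then joins that with the Method 3 network indicators (remote ports 3333, 4444, 8333, 14444) and the Method 1 file-location check. The thresholds and the user-writable path pattern are assumptions to tune for your own machine.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell session.
# Thresholds and the user-writable path pattern are assumptions; tune them.
$sampleSeconds = 10
$cpuThreshold  = 50                        # percent of total CPU over the window
$minerPorts    = 3333, 4444, 8333, 14444   # ports listed under Method 3
$userWritable  = '\\(Temp|AppData|ProgramData|Users\\Public)\\'
$cores         = [Environment]::ProcessorCount

# Snapshot cumulative CPU seconds per PID, wait, then compare against a second read.
$before = @{}
Get-Process | ForEach-Object { $before[$_.Id] = $_.CPU }
Start-Sleep -Seconds $sampleSeconds

# Index established non-loopback TCP connections by owning PID.
$connsByPid = @{}
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $id = [int]$_.OwningProcess
        if (-not $connsByPid.ContainsKey($id)) { $connsByPid[$id] = @() }
        $connsByPid[$id] += $_
    }

$report = foreach ($p in Get-Process) {
    $start = $before[$p.Id]
    if ($null -eq $start -or $null -eq $p.CPU) { continue }   # new or unreadable process
    $pct = [math]::Round(($p.CPU - $start) / ($sampleSeconds * $cores) * 100, 1)
    if ($pct -lt $cpuThreshold) { continue }

    $remote = @($connsByPid[$p.Id] | Where-Object { $_ })      # empty if no connections
    [pscustomobject]@{
        Name         = $p.ProcessName
        ProcessId    = $p.Id
        CpuPercent   = $pct
        Path         = $p.Path
        UserWritable = [bool]($p.Path -match $userWritable)
        MinerPort    = [bool]($remote | Where-Object { $_.RemotePort -in $minerPorts })
        Remote       = ($remote | ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
                            Select-Object -Unique) -join ', '
    }
}
$report | Sort-Object CpuPercent -Descending | Format-Table -AutoSize -Wrap
```

A row with high CpuPercent plus UserWritable or MinerPort set to True is the combination worth investigating first. Run it while the machine is otherwise idle so that normal workloads do not crowd the output.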
Common Cryptojacking Malware to Watch For
| Malware Name | Common Filenames | Behavior | Threat Level |
|---|---|---|---|
| XMRig | xmrig.exe, svchost32.exe | CPU mining, hides in system folders | High |
| CoinMiner | Various random names | Spreads via malicious downloads | High |
| WannaMine | Uses WMI, no visible file | Fileless malware, extremely persistent | Critical |
| PowerGhost | PowerShell scripts | Spreads across networks | Critical |
| Coinhive (defunct) | JavaScript in browsers | Browser-based mining | Medium |
How to Remove Cryptojacking Malware
Step 1: Disconnect from the Network
Unplug your ethernet cable or disable WiFi. This prevents the miner from receiving new work and stops it from downloading additional payloads.
Step 2: Boot into Safe Mode
- Press Windows + R, type msconfig
- Go to the Boot tab
- Check "Safe boot" → "Network"
- Restart your computer
Step 3: Run Multiple Malware Scanners
Use multiple tools because no single scanner catches everything:
- Windows Defender Offline Scan: Settings → Update & Security → Windows Security → Virus & threat protection → Scan options → Microsoft Defender Offline scan
- Malwarebytes: Free version is sufficient for one-time scans
- AdwCleaner: Specifically targets adware and PUPs that may have installed the miner
Step 4: Check Scheduled Tasks
Cryptominers often create scheduled tasks to survive reboots:
- Open Task Scheduler (search in Start menu)
- Check Task Scheduler Library for unfamiliar entries
- Look for tasks running PowerShell, random executables, or batch files
- Delete any suspicious tasks
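The same review can be done from PowerShell. The script below is an added example, not part of the original article. It is read-only: it lists scheduled tasks whose actions launch a script host, a batch or script file, a binary in a user-writable folder, or a file without a valid signature. The match patterns are assumptions about what counts as suspicious, and built-in Windows tasks will also appear in the results, so use the TaskPath column to tell them apart.

```powershell
# Added example, not from the original page. Read-only: nothing is deleted or disabled.
# The patterns are assumptions about what counts as suspicious; extend as needed.
$scriptHost   = '(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b'
$scriptFile   = '\.(bat|cmd|ps1|vbs|js)\b'
$userWritable = '\\(Temp|AppData|ProgramData|Users\\Public)\\'

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions have Execute/Arguments; COM handler actions are skipped.
        if (-not $action.Execute) { continue }
        $exe     = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        $cmdLine = "$exe $($action.Arguments)"

        $reasons = @()
        if ($cmdLine -match $scriptHost)   { $reasons += 'script host' }
        if ($cmdLine -match $scriptFile)   { $reasons += 'batch or script file' }
        if ($cmdLine -match $userWritable) { $reasons += 'user-writable path' }
        # Signature check only when Execute resolves to a file on disk.
        if ((Test-Path -LiteralPath $exe -PathType Leaf) -and
            (Get-AuthenticodeSignature -LiteralPath $exe).Status -ne 'Valid') {
            $reasons += 'not validly signed'
        }
        if ($reasons.Count -eq 0) { continue }

        [pscustomobject]@{
            TaskName = $task.TaskName
            TaskPath = $task.TaskPath
            State    = $task.State
            RunAs    = $task.Principal.UserId
            Command  = $cmdLine
            Reasons  = $reasons -join '; '
        }
    }
}
$findings | Sort-Object TaskPath, TaskName | Format-List
```

Review each hit in Task Scheduler before deleting it; a task that matches several reasons at once deserves attention first.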
Step 5: Review Startup Programs
Open Task Manager → Startup tab. Disable anything unfamiliar. If in doubt, search the program name online before disabling.
Some cryptominers are incredibly persistent. If you've removed one but it keeps coming back, consider a fresh Windows installation. Back up your files (scan them first!) and start clean.
How to Prevent Cryptojacking
1. Keep Everything Updated
Many cryptominers exploit known vulnerabilities. Enable automatic updates for Windows, browsers, and all installed software.
2. Use a Reputable Ad Blocker
uBlock Origin and similar ad blockers can prevent browser-based cryptojacking scripts from loading.
3. Be Cautious with Downloads
Only download software from official sources. Avoid cracked software - it's a common vector for cryptominers.
4. Monitor Your System Regularly
Use tools like STX.1 to keep an eye on CPU usage patterns. Set up alerts for sustained high CPU usage when the system should be idle.
5. Use Browser Extensions
Extensions like NoCoin or MinerBlock specifically detect and block cryptocurrency mining scripts.
6. Implement Network Monitoring
Block connections to known mining pools at your router level. Many routers support domain blacklisting.
Using STX.1 to Detect Cryptojacking
STX.1 System Monitor is perfectly suited for detecting cryptojacking because it provides:
- Real-time CPU monitoring: See exactly what's using your processor at any moment
- Historical data: Review CPU usage over time to catch miners that activate when you're away
- Temperature tracking: Sustained high temperatures indicate unusual workloads
- Process identification: Quickly identify unknown processes consuming resources
- Low overhead: Unlike the malware, STX.1 uses minimal resources while monitoring
If you notice consistently high CPU usage or temperatures during idle periods, investigate immediately. Cryptominers are costing you money every second they run.
Cryptojacking is evolving constantly. New variants appear weekly with improved evasion techniques. Regular monitoring and good security hygiene are your best defenses.