ACG-CYBER SECURITY BULLETIN NR 397: How Devices Are Secretly Hijacked for Cryptocurrency Mining

Posted on July 2, 2025

Reference Number: ACG-CSB 062725397

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

Cryptojacking involves the unauthorized use of devices such as computers, smartphones, and other internet-connected equipment to mine digital currencies. Threat actors may deliver the cryptomining script through malicious websites, or compromised browser extensions. Once activated, the script consumes a portion of the device’s computing resources, allowing the attacker to generate financial gain while the victim bears the cost in terms of system performance degradation and power consumption. It uses someone else’s device to mine cryptocurrency, which means solving complex tasks to earn digital coins. The attacker gets the reward, while the victim’s device slows down and uses more power. Affected devices often experience slow performance, overheating, and a rapid decline in battery life. This form of attack typically runs silently in the background, making it difficult to detect. Some cryptojacking tools may be bundled with additional malicious code, which could further compromise security.

Many users unknowingly encounter cryptojacking when visiting websites that appear legitimate. For example, someone browsing a free video streaming platform may begin to notice their laptop becoming unusually warm, the fan running loudly, and applications responding slow. These symptoms may be dismissed as normal performance issues, but in reality, the website may have embedded a cryptomining script that activates silently once the page loads, consuming system resources to mine cryptocurrency without the user’s consent.

RECOMMENDATION

The public is advised to follow these tips to mitigate the risk of unauthorized cryptocurrency mining and its associated consequences:

Observe computing devices for indicators of unauthorized mining activity, such as persistent high CPU usage, or reduced battery performance;
Refrain from installing applications or browser extensions sourced from unverified or unofficial platforms; and
Ensure that operating systems and web browsers are updated consistently, as cryptojacking threats frequently exploit known vulnerabilities in outdated systems.

For additional information, please refer to the following websites:

https://www.fortinet.com/resources/cyberglossary/cryptojacking
https://www.malwarebytes.com/cryptojacking
https://www.kaspersky.com/resource-center/definitions/what-is-cryptojacking

POINT OF CONTACT

Please contact PLTCOL JERRY V EMPIZO, Acting Chief, Cyber Security Unit, thru e-mail address csradacgroup@gmail.com or contact us by telephone number (632) 723-0401 local 7488 for any inquiries related to this CYBER SECURITY BULLETIN.