Hidden mining – a complete overview, methods of verification and protection


Hidden mining is a viral program that secretly and illegally mines cryptocurrency using the power of someone else’s computer. They have flooded the internet today and are doing a lot of harm! The article describes in detail the most important aspects related to the topic of virus miners. The following points are thoroughly analyzed: urgency of the problem; features; the nuances of the operation of the virus that mines crypto coins; harm from the action of algorithms that start mining; an effective way to detect a hidden miner virus; protection of desktops and mobile devices.

Antivirus notification when there is a threat to launch hidden mining:

The rapid evolution of the modern cryptocurrency market due to the rapid development of blockchain technologies has brought many useful and profitable opportunities to life. This, naturally, began to actively attract the interest of various thieves, scammers and other intruders. They are trying to steal from the owners of crypto coins, however, a relative “novelty” has become the hidden use of the power of other people’s desktop or mobile devices for the extraction of digital money. For this, specialized viruses are used – miner bots.

The principle of exploiting someone’s computing power is extremely simple – thieves, using different tricks, inject a malicious program that, when launched, begins to switch the direction of the CPU and GPU. As a result, the tasks of the PC owner are relegated by the system to a secondary position, and priority is given to the commands of the viral algorithm. Almost all the capabilities of the processor and video card are directed to the extraction of cryptocurrency.

There are many negative factors for hidden mining, so the relevance of this problem of our time is very relevant. Let us consider in detail the significant nuances of this method of fraud, study the features of hidden mining, and also thoroughly analyze the dangers that a malicious algorithm can bring. Such information is very important for every PC owner today.

Characteristic features of hidden mining

In order not to purchase special ASIC devices, high-performance processors or powerful video cards, scammers got used to using other people’s computers. This is done using special viruses for hidden mining. Somehow, this software is installed in the system, and then begins to load the computing power with its commands, the execution of which is entirely aimed at obtaining cryptographic coins. At the same time, the extracted funds are sent to the programmed address of the fraudster’s cryptocurrency wallet. The user himself notices a significant decrease in the speed of some large-scale operations performed by the device, but only a few are guessing about the true essence of the problem being detected.

In order for a mobile or desktop device to start extracting cryptocurrency for someone, it is necessary for a malicious algorithm to hit the hard drive and then integrate it into the system.

Attention! The capabilities of a malicious program are often not limited only to mining coins and sending them to a third-party crypto wallet. Fraudsters endow such miners with the ability to spy on the actions of Internet users and steal important passwords with access codes from personal accounts!

It is clear with the scheme of getting into the PC and the principle of the miner bot, however, there is another important nuance. The fact of detecting the action of a malicious program is not enough, since it is extremely difficult to calculate the location of this algorithm and carry out its destruction. This is due to the basic aspect – when the PC is operating normally, the additional load on the processor and video card is almost invisible. Obvious signs of a lack of performance of the main computational nodes appear only when you run some large programs such as “fancy” video games, activating a video player, etc. Often such failures are associated with system errors or violation of the optimal interaction of modules and normal programs.

The nuances of the virus that secretly mines crypto coins

Malicious programs that initiate the activation of cryptocurrency mining are characterized by a series of distinctive features. These features distinguish miners from classic Trojans, spyware and destructive viruses. There are eight basic aspects of hidden mining:

  1. A variety of ways for algorithms to enter a computer system. There are more often two options:

✅  Downloading and running the installation in parallel with some ordinary program received from the Web. Fraudsters skillfully disguise their malware by associating it with other data packets;

✅  Direct installation of the virus to the device. The method is rare because the attacker requires physical online access to the system. Here the user “launches” the thief on his own, allowing him to log in remotely to the computer.

  1.  “Smart” behavior of the virus miner. Once a malicious program is installed on the hard drive, its subsequent work may go unnoticed for a long time. This is typical of algorithms created by professionals that hide their presence during the activation of users of large programs. Simply put, they are automatically disabled so that no activity is detected. A little later, the algorithm is launched again without attracting attention. Yes, there are simple schemes that are quickly discovered, but there are fewer and fewer such products.
  2.  The load on the computing power of the PC is gradually increasing. Miner viruses are configured to mine one cryptocurrency. The creators of digital currencies initially set the option for the gradual complication of mining due to many reasons, so specialized algorithms also begin to systematically increase the load on the used elements of the device.
  1.  Viruses that extract crypto coins operate through mining pools, which is due to the ability to connect many separate devices to one line (address). It is important here that there is no need to prove the connection by the user.
  1.  Very effective disguise of a mining virus as a system service. This moment, plus a temporary suspension of work, makes the malware difficult to detect.
  1.  When installing the miner, the command to duplicate the source files in the hard disk space is automatically triggered. If a functioning algorithm is removed or damaged, then hidden mining will quickly be restored by reinstalling the program from the backup (“sleeping”) archive.

Nuance! One should take into account the insidiousness and cunning of the creators of malicious algorithms that secretly mine cryptocurrency. Regular antivirus programs are not capable of searching for and destroying these programs. Complex methods of finding and removing miners are required!

  1.  Triggering the launch of a hidden cryptocurrency miner through a coupled process. Often, turning on the PC normally automatically turns on the malicious algorithm.
  1. When active, a miner virus often blocks the correct operation of some functions of antivirus programs.

The danger of viruses that initiate the process of mining cryptocurrency

Malicious programs that use the power of a PC to secretly mine cryptocurrencies are fraught with many dangers for users and their devices. Experts separately mention such negative factors:

✅  The software in question significantly reduces the operating capabilities of the processor and video card required for useful work. The productivity of the device is significantly reduced.

✅  There is significant harm to the OS of the device on which the miner virus operates.

✅  Fraudsters, through specially configured programs, are able to receive personal data, for example, authorization information from an account on a cryptocurrency exchange or passwords from a digital coin store.

✅  Overheating of the elements of the computer system due to excessive loads. This contributes to the rapid breakdown of the device or, rarely, the occurrence of a fire.

There are many more negative aspects that accompany the work of malicious algorithms, however, the 4 outlined nuances are the leading ones.

An effective way to detect hidden miner virus

If suspicions arise of installing a special program on a PC that secretly mines cryptocurrency by mining, then you need to follow these steps:

  1. Check the operation of the device in normal load mode. You just need to open a resource-intensive program or a popular browser.
  2. Fix the load on the CPU and RAM using the task manager.
  3. Launch some game (background program).
  4. Recheck the RAM and CPU load levels.
  5. Compare the data and scrupulously analyze the identified changes.

When a detailed study of the parameters is carried out, it is important to instantly record a significant divergence of the expected workload of computer power with the identified values. There will be 100% overload and a clear slowdown in the game.

Important! The speed of actions during such testing is due to the peculiarities of modern miner viruses that havetily terminate their work when opening the task manager!

An additional indicator of the penetration of a malicious algorithm into the PC system is the self-minimization of the window of the running task manager. Many hidden virus miners automatically close it in about 3.5-6 minutes. This is an additional indicator of a possible infection of a desktop or mobile device with malware.

When it is discovered that a virus that secretly mines cryptocurrency by mining is working, it should be dealt with with its high-quality destruction. This is done through special antivirus software or in a radical way – by reinstalling the operating system.

Security measures and protection against hidden mining

It is impossible to protect your own PC from virus miners 100%, although there are effective methods that significantly minimize the risk of such infection.

The following preventive measures against hidden mining are recommended:

  1. Use a high-quality antivirus program capable of detecting and neutralizing spyware, Trojans, miner viruses, etc.
  2. Promptly update the databases of the protective antivirus program.
  3. Do not download or install software of dubious quality, developed by someone unknown.
  4. If a browser or antivirus program actively warns of the presence of a probable danger, then such signals should not be neglected.
  5. Safely store the private key, personal data, public key, passwords and other important information. Use two-factor verification codes when using crypto wallets and crypto exchange accounts.


The emergence of modern cyber threats directly related to the cryptocurrency sphere is a logical result of the growing popularity and rapid rise in price of virtual money. Of course, the information security industry is also progressing, enabling users to effectively prevent malware from infiltrating devices. There are high-quality tools for protecting and checking computers in order to quickly detect viral algorithms, including programs for hidden mining.

Specialists are improving security algorithms, improving the capabilities of browsers, optimizing applications to block hidden miner viruses. It is necessary to use such means competently and many dangers will be anticipated in a timely manner and the device will not be used for hidden cryptocurrency mining.


Leave A Reply

Your email address will not be published.