How is malicious mining done?

Cybercriminals infiltrate devices to install malware for mining, and these programs run in the background to mine cryptocurrencies or steal from existing cryptocurrency wallets, while unsuspecting victims use their devices normally, and all they may notice is a slow device or some errors.

Hackers typically follow two main paths to access the victim's device for clandestine cryptocurrency mining:

By tricking the victim into opening a malicious link sent to them in an email that downloads mining code onto their computer.

By compromising a website or an online advertisement with JavaScript code that runs automatically once loaded in the victim's browser.

Hackers often use both methods to maximize their profits and success, and in both cases, the code places the malicious mining script on the device and operates in the background while the victim continues their normal activities. Regardless of the method used to plant the mining malware, the script performs calculations on the victims' devices and sends the results to servers controlled by the hacker.