In many cases, websites have also embedded the code to generate cryptocurrencies as an alternative to online advertisements as a source of revenue. However, not all explicitly disclose that they are using visitors' processing power to generate coins or asked for their permission to do so.
Check Point's latest GLobal Threat Index reported cryptominers have become a prolific threat in the cybersecurity landscape. In fact, Coinhive and other variants made its list of Ten Most Wanted Malware.
"Cryptojacking scams have continued to evolve, and they don't even need you to install anything," the FTC said in a blog. "Scammers can use malicious code embedded in a website or an ad to infect your device. Then they can help themselves to your device's processor without you even knowing.
"You might make an unlucky visit to a website that uses cryptojacking code, click a link in a phishing email, or mistype a web address. Any of those could lead to cryptojacking. While the scammer cashes out, your device may slow down, burn through battery power, or crash."
Users who believe they were or are currently victims of illicit cryptojacking can now file an official complaint with the FTC - marking a significant, government-led acknowledgement of cryptojacking as an illegal practice.
"Look for and close performance hogs," the FTC advised. "It can be hard to diagnose cryptojacking, but one common symptom is poor device performance. Consider closing sites or apps that slow your device or drain your battery."