Cryptojacking is a technique used by cybercriminals to mine cryptocurrencies without authorization, taking advantage of teh processing power of a victim’s device – whether active or inactive – by executing malicious code. victims may not be aware that this is happening in the background, but may experience reduced performance, overheating, and increased fan activity (with noticeable noise). On Android devices, the workload can even “swell” the battery and cause physical damage or destruction of the equipment. ESET, a leading company in proactive threat detection, identified through its telemetry the main sites where malicious miners are most frequently detected in the region.
this threat was very present during 2025; such as, in july, a campaign compromised more than 3,500 websites to carry out illicit mining. Within ESET’s telemetry data in Latin America during the second half of 2025, two profiles of domains associated with detections of mining scripts stand out:
- Risky “expected” sites: these can be piracy pages, unofficial file downloads, and streaming sites. Common characteristics of these sites, monetized by cybercriminals, are prolonged stay time, the presence of aggressive advertising (malvertising), and the constant execution of third-party scripts.
- Compromised legitimate sites: such as schools, SMEs, local news media, or any other site that does not initially pose special risks. In these cases,the benefit for the attackers is not in the visitor’s stay time,but in the volume of compromised sites.
The 5 types of sites with the most detections according to ESET’s telemetry in the region during 2025 are:
1 – Pirate download sites via torrents / repacks (unofficial downloads): While these sites can mine directly, they generally display malicious ads that contain the script. These ads are often very aggressive, with constant pop-ups, and also execute third-party scripts.
Examples: piratebays.to (34.8%) ; thepiratebay3.to; thepiratebay2.to; switchtorrent.org or fitgirl-repacks.site
2 – Anime/manga: These are prolonged consumption environments. Visitors read or watch chapters for a long time, browse and
Cryptocurrency mining Threat in Latin America
Table of Contents
cryptocurrency mining has evolved from a niche activity to a notable threat affecting legitimate organizations across Latin America, sustained by ongoing and covert campaigns.
ESET’s Findings and Regional impact
According to a report by ESET Latinoamérica,cryptocurrency mining is no longer confined to illicit websites or marginal actors; it now actively targets and compromises legitimate organizations throughout Latin America. ESET’s research details persistent and stealthy campaigns leveraging compromised systems for illicit cryptocurrency mining.
This activity, frequently enough referred to as “cryptojacking,” involves unauthorized use of computing resources to mine cryptocurrencies, impacting system performance and possibly leading to increased energy consumption and operational costs for affected organizations.
recent Trends and Techniques (as of January 21, 2026)
As of January 21, 2026, the threat landscape remains consistent with ESET’s 2023 findings, with no major shifts reported by cybersecurity authorities. CERT.br reported an increase in cryptojacking attacks in Brazil during the first half of 2023, indicating continued regional vulnerability. While specific attack vectors evolve, the core problem of unauthorized mining persists.
Attackers commonly employ techniques such as:
- Malicious Websites: Injecting JavaScript code into websites to mine cryptocurrency using visitors’ CPUs.
- malware: Distributing malware through phishing emails, software vulnerabilities, or drive-by downloads.
- Compromised Servers: Exploiting vulnerabilities in servers to install mining software.
Affected Sectors and Countries
Cryptojacking attacks have been observed across various sectors in Latin America, including government, education, and finance. Kaspersky’s analysis highlights that countries like Brazil, Mexico, and Colombia are especially targeted due to their large internet user bases and relatively lower cybersecurity awareness.
For example, in 2023, several universities in Colombia experienced performance issues due to undetected cryptojacking activity on their networks, as reported by local cybersecurity firms. The exact financial impact remains challenging to quantify, but it is indeed estimated to be in the tens of thousands of dollars annually for larger institutions.
Mitigation Strategies
Organizations can mitigate the risk of cryptojacking by implementing the following measures:
- Endpoint Detection and Response (EDR) Solutions: Deploying EDR solutions to detect and block malicious mining activity.
- Web Filtering: Blocking access to known malicious websites.
- Regular Security Audits: Conducting regular security audits to identify and address vulnerabilities.
- Employee Training: Educating employees about phishing and other social engineering tactics.
- Network Monitoring: Implementing network monitoring tools to detect unusual CPU usage or network traffic.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) provides resources and guidance on protecting against cryptojacking, which are applicable to organizations in Latin America.
