Which Unix command monitors CPU usage in real time to help detect issues like cryptojacking?

Real-time monitoring of CPU usage to spot anomalous resource use is about watching ongoing activity across processes. The top command continuously refreshes and presents a live list of running processes sorted by CPU usage, along with current system load and utilization statistics. That live view makes it easy to spot a single process hogging the CPU, which is a common sign of cryptojacking trying to mine cryptocurrency in the background. The other utilities have narrower, non-real-time roles: ps shows a snapshot of processes at one moment and doesn’t reflect ongoing spikes; df reports disk space usage; free shows memory availability. So, the ability to refresh continuously and highlight per-process CPU consumption is why top is the best tool for this use case.