Websites caught using visitor’s browsers to mine cryptocurrency

Coinhive - mining cryptocurrency

The ongoing collapse in online advertising revenue is leading some websites to come up with novel, and underhanded, ways to make some money.

Some sites, such as Showtime’es streaming site Showtime Anytime and BitTorrent search engine The Pirate Bay, have been found to be using processing power from visitor’s browsers in order to mine the cryptocurrency Monero.

According to The Register, the Javascript inserted into the sites used up to 60% of the user’s CPU capacity.

The monero-mining scripts come from a company called Coinhive, which markets itself to companies as a way to generate revenue aside from ads.

“Showtime is far from the only site employing this monetising technique. We have detected 991 domains currently loading the Coinhive code via our global proxy network by collected data from servers, frameworks, JavaScript libraries and more,” Fabian Libeau, VP EMEA at RiskIQ said.

“Where some sites are asking permission, others are leveraging their users’ machines to collect Manero without their consent. Essentially, this degrades their experience and results in slower speeds.”

‘An opportunity for bad actors’

Showtime has now removed the code from its website, while The Pirate Bay told the media that its was ‘testing’ the feature as a new way of generating revenue but is not currently using it. Users also found that the miner can be blocked through some ad-blockers.

However, while the sites are all using user CPU to mine cryptocurrency, they are doing so in a wide range of circumstances. While some sites actively seek user consent to mine Monero, others do not, with the result being a significant degradation of user experience and much slower speeds.

“This Monero mining technique is also an opportunity for bad actors to spin up fake, illegitimate websites to siphon money off of major brands with typo-squatting domains,” said Libeau.

“In the 991 domains we found, there were many examples of typo-squatting and domain infringement. By leveraging domains or subdomains that appear to belong to major brands, these actors trick people to visiting their sites running the Coinhive Monero mining script to monetise their content.”

According to cybersecurity news website Bleeping Computer, it is currently unclear whether Showtime were hacked or intentionally included the mining script in order to generate revenue. The site believes that the most likely option is that the company did it on purpose as part of an experiment.

A report by TorrentFreak estimated that The Pirate Bay could make somewhere around $12,000 a month through background mining.

Libeau continued:

“Unfortunately, security teams lack visibility into all of the ways that an organisation can be attacked externally, and struggle to determine the weaknesses in the armour. It’s crucial to understand what belongs to your organisation, how it’s connected to the rest of the asset inventory, and what potential vulnerabilities are exposed to compromise.

“In the case of Coinhive, it means being able to inventory all the third party code running on web assets, and being able to detect instances of threat actors leveraging a brand on illegitimate sites around the internet.”


Interested in hearing leading global brands discuss subjects like this in person? Find out more at the Blockchain Expo World Series, Global, Europe and North America.


View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *