Wednesday, December 25, 2024
HomeCryptocurrency hackHidden Cryptocurrency Miner Coinhive's Rapid Growth and it's Prevention Techniques

Hidden Cryptocurrency Miner Coinhive’s Rapid Growth and it’s Prevention Techniques

Published on

SIEM as a Service

It is very usual these days to find many applications having a hidden crypto-mining module. But the recent trend is more mainstream and is done via web pages. Yes, now websites have started doing crypto-mining and are done totally in the background, all thanks to Coinhive.

To note, we have already reported about the beginning of this web-based mining last month.

What’s Coinhive?

Coinhive offers a JavaScript miner for the Monero Blockchain that can be embedded into other Websites. The users run the miner directly in their Browser and mine XMR for the site owner in turn for an ad-free experience, in-game currency or whatever incentives they are availing to their users/visitors.

- Advertisement - SIEM as a Service

A traditional miner would go for GPU resources on a device or a PC, but what makes Coinhive different is that it uses CPUs compute power. And this gives it a great advantage because it works on every computing device that can run a javascript page.

A fake 1337x and 400+ websites have this mining script active:

Ad blocker AdGuard last month reported that 220 sites on the Alexa top 100,000 listserve crypto mining scripts to more than 500 million people.

But we found that number crossed its next 100th marker faster, and now more than 400 sites under Alexa top 100,000 are running this script on their visitor’s machines and devices

At GBHackers, we discovered one such fake site ( www.1337x.io ) of the very popular torrent sharing site 1337x  doing this. The problem is, when you google this site’s name, the first result you get is the fake website’s address. So, we reported this site immediately to Google and the next day, the script was removed from the source code.

Here is how their script looks like,

Coinhive

As per CoinHive ,

If you run a blog that gets 10 visits/day, the payout will be minuscule. But with just 10–20 active miners on your site, you can expect a monthly revenue of about 0.3 XMR (~$38).

It’s a good deal for a site owner and we like the idea of CoinHive But also, we feel it’s not ready for its prime time yet. We will give you one good reason for that.

It’s not possible to determine the computing potential of every visitor’s machine and set the mining throttle number to some value. If you set it to something high, the visitor’s PC performance will cripple and he will never visit the site again. And if you set it to low, you will not earn much to keep the blog going.

“We do not claim that Coin Hive is malicious, or even necessarily a bad idea,” noted Adam Kujawa, director of Malwarebytes Labs. “The concept of allowing folks to opt-in for an alternative to advertising, which has been plagued by everything from fake news to malvertising, is a noble one. The execution of it is another story.”

Both AdGuard and Malwarebytes give end users who want to support a site using Coinhive the option of accessing the mining script. In announcing the move, Malwarebytes wrote: “ The reason we block Coinhive is that there are site owners who do not ask for their users’ permission to start running CPU-gorging applications on their systems.

A regular Bitcoin miner could be incredibly simple or a powerhouse, depending on how much computing the user running the miner wants to use. The JavaScript version of a miner allows customization of how much mining to do, per user system, but leaves that up to the site owner, who may want to slow down your computer experience to a crawl. “

Hearing everyone’s plea and seeing all the fuzz about the abuse, coinhive had come up with a great way of dealing this issue. It’s called . As per Coinhive,  it is similar to the previous cryptocurrency miner but with one crucial and very important addition – a user consent page.

“AuthedMine enforces an explicit opt-in from the end user to run the miner. We have gone to great lengths to ensure that our implementation of the opt-in cannot be circumvented and we pledge that it will stay this way. The AuthedMine miner will never start without the user’s consent.”

So, what if you don’t like websites mining crypto-currency using your computer’s power?

If you are a geek, you would already probably know the trick. Hint: Use script blockers like uBlock Origin

But if you are a normal user, install AdGuard’s extension on your browser and you will be good to go. Here is a screenshot of how AdGuard reacts to a website running a crypto-mining script in the backend.

Coinhive

Using Coinhive’s crypto-mining script is definitely a great deal for the blog owners. But unfortunately, it’s a bad news for the visitors as their CPUs power is being continuously eaten which takes a huge toll on their electricity bills.

So, we suggest our users to be extra cautious while visiting sites on the internet from now on. And if you like some website or a blog and want to support them, you may allow them to mine crypto-currency using your computer’s energy.

 

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Indonesia Government Data Breach – Hackers Leaked 82 GB of Sensitive Data Online

Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from...

IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating...

Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server

The Apache Software Foundation has issued a security alert regarding a critical vulnerability...

USA Launched Cyber Attack on Chinese Technology Firms

The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

New Meeten Malware Attacking macOS And Windows Users To Steal Logins

A sophisticated crypto-stealing malware, Realst, has been targeting Web3 professionals, as the threat actors...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Beware Of Malicious PyPI Packages That Inject infostealer Malware

Recent research uncovered a novel crypto-jacking attack targeting the Python Package Index (PyPI), where...