Friday, March 29, 2024

Hidden Cryptocurrency Miner Coinhive’s Rapid Growth and Its Prevention Techniques

It is now common to find applications that carry a hidden crypto-mining module. The more recent trend is more mainstream and runs through web pages: websites have started mining cryptocurrency entirely in the background, all thanks to Coinhive.

Note that we already reported on the beginning of this web-based mining last month.

What’s Coinhive?

Coinhive offers a JavaScript miner for the Monero blockchain that can be embedded into other websites. Users run the miner directly in their browser and mine XMR for the site owner in return for an ad-free experience, in-game currency or whatever other incentives the site offers its users/visitors.

A traditional miner would go for the GPU resources of a device or PC; what makes Coinhive different is that it uses the CPU’s compute power. This gives it a great advantage, because it works on every computing device that can run a JavaScript page.

A fake 1337x and 400+ websites have this mining script active:

Ad blocker AdGuard reported last month that 220 sites on the Alexa top 100,000 list serve crypto-mining scripts to more than 500 million people.

But we found that the number has climbed quickly, and now more than 400 sites in the Alexa top 100,000 are running this script on their visitors’ machines and devices.

At GBHackers, we discovered one such fake site (www.1337x.io), imitating the very popular torrent-sharing site 1337x, doing this. The problem is that when you google this site’s name, the first result you get is the fake website’s address. So we reported this site immediately to Google, and the next day the script was removed from the source code.

Here is what their script looks like:

[Image: Coinhive]

As per Coinhive:

If you run a blog that gets 10 visits/day, the payout will be minuscule. But with just 10–20 active miners on your site, you can expect a monthly revenue of about 0.3 XMR (~$38).

It’s a good deal for a site owner, and we like the idea of Coinhive. But we also feel it’s not ready for prime time yet. We will give you one good reason for that.

It’s not possible to determine the computing potential of every visitor’s machine and set the mining throttle to a value that suits it. If you set the miner to use a lot of CPU, the visitor’s PC performance will be crippled and he will never visit the site again. And if you set it too low, you will not earn enough to keep the blog going.

“We do not claim that Coin Hive is malicious, or even necessarily a bad idea,” noted Adam Kujawa, director of Malwarebytes Labs. “The concept of allowing folks to opt-in for an alternative to advertising, which has been plagued by everything from fake news to malvertising, is a noble one. The execution of it is another story.”

Both AdGuard and Malwarebytes give end users who want to support a site using Coinhive the option of accessing the mining script. In announcing the move, Malwarebytes wrote: “The reason we block Coinhive is that there are site owners who do not ask for their users’ permission to start running CPU-gorging applications on their systems.

A regular Bitcoin miner could be incredibly simple or a powerhouse, depending on how much computing the user running the miner wants to use. The JavaScript version of a miner allows customization of how much mining to do, per user system, but leaves that up to the site owner, who may want to slow down your computer experience to a crawl.”

Hearing everyone’s plea and seeing all the fuss about the abuse, Coinhive came up with a way of dealing with this issue. It’s called AuthedMine. As per Coinhive, it is similar to the previous cryptocurrency miner but with one crucial addition: a user consent page.

“AuthedMine enforces an explicit opt-in from the end user to run the miner. We have gone to great lengths to ensure that our implementation of the opt-in cannot be circumvented and we pledge that it will stay this way. The AuthedMine miner will never start without the user’s consent.”

So, what if you don’t like websites mining crypto-currency using your computer’s power?

If you are a geek, you probably already know the trick. Hint: use script blockers like uBlock Origin.

But if you are a normal user, install AdGuard’s extension on your browser and you will be good to go. Here is a screenshot of how AdGuard reacts to a website running a crypto-mining script in the backend.

[Image: Coinhive]
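For site owners and defenders who want to check page source themselves, the sketch below separates the original Coinhive miner from the consent-enforcing AuthedMine variant and reports the configured throttle. It is an added example, not code from the original article, Coinhive, or any blocker; the hostnames, constructor names and `throttle` option are assumptions taken from Coinhive's public documentation, and the sample page and site key are constructed.

```javascript
// Added example (Node.js, no dependencies): classify miner scripts in page source.
// Hostnames and API names are assumptions from Coinhive's public docs, not this article.
const MINER_HOSTS = {
  'coinhive.com': 'no-consent-required', // original miner
  'authedmine.com': 'opt-in',            // AuthedMine: consent page enforced
};
const INLINE_API = /\bCoinHive\.(Anonymous|User|Token)\s*\(/;
const THROTTLE = /\bthrottle\s*:\s*([0-9]*\.?[0-9]+)/;

// Map a script URL to a miner kind by exact host or true subdomain only,
// so look-alike hosts such as coinhive.com.example.net are not matched.
function minerKind(src) {
  let host;
  try {
    // Relative and protocol-relative URLs resolve against a dummy base.
    host = new URL(src, 'https://page.invalid/').hostname.toLowerCase();
  } catch (e) {
    return null;
  }
  for (const [known, kind] of Object.entries(MINER_HOSTS)) {
    if (host === known || host.endsWith('.' + known)) return kind;
  }
  return null;
}

function scanPage(html) {
  const findings = [];
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    const kind = src ? minerKind(src[1]) : null;
    if (kind) findings.push({ type: 'loader', src: src[1], kind });
    if (INLINE_API.test(m[2])) {
      // throttle is the idle fraction; if absent the miner runs unthrottled.
      const t = THROTTLE.exec(m[2]);
      const throttle = t ? parseFloat(t[1]) : 0;
      findings.push({ type: 'start', throttle, cpuPercent: Math.round((1 - throttle) * 100) });
    }
  }
  return findings;
}

// Constructed sample page; SITE_KEY_PLACEHOLDER is not a real key.
const SAMPLE_PAGE = `
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3}).start();</script>
<script src="/js/app.js"></script>`;
```

A `loader` finding with kind `no-consent-required` together with a `start` finding means the page can begin mining as soon as it loads, and `cpuPercent` shows how much of the visitor's CPU time the site owner has chosen to use.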

Using Coinhive’s crypto-mining script is definitely a great deal for blog owners. But unfortunately, it’s bad news for visitors, as their CPU’s power is continuously eaten up, which takes a huge toll on their electricity bills.

So we advise our users to be extra cautious while visiting sites on the internet from now on. And if you like some website or blog and want to support it, you may allow it to mine cryptocurrency using your computer’s energy.

Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.