Hidden Cryptocurrency Miner Coinhive’s Rapid Growth and Its Prevention Techniques

It is common these days to find applications with a hidden crypto-mining module. But the recent trend is more mainstream and runs through web pages: websites have started mining cryptocurrency entirely in the background, all thanks to Coinhive.

Note that we already reported on the beginning of this web-based mining last month.

What’s Coinhive?

Coinhive offers a JavaScript miner for the Monero blockchain that can be embedded into other websites. Users run the miner directly in their browser and mine XMR for the site owner in return for an ad-free experience, in-game currency or whatever other incentive the site offers its visitors.

A traditional miner would go for the GPU resources of a device or PC, but what makes Coinhive different is that it uses the CPU's compute power. This gives it a great advantage, because it works on every computing device that can run a JavaScript page.

A fake 1337x and 400+ websites have this mining script active:

Ad blocker AdGuard reported last month that 220 sites on the Alexa top 100,000 list serve crypto-mining scripts to more than 500 million people.

But we found that the number passed its next hundred quickly: more than 400 sites in the Alexa top 100,000 are now running this script on their visitors’ machines and devices.

At GBHackers, we discovered one such fake site (www.1337x.io), imitating the very popular torrent sharing site 1337x, doing this. The problem is that when you google the site’s name, the first result you get is the fake website’s address. So we reported this site immediately to Google, and the next day the script was removed from the source code.

Here is what their script looks like:

As per Coinhive,

If you run a blog that gets 10 visits/day, the payout will be minuscule. But with just 10–20 active miners on your site, you can expect a monthly revenue of about 0.3 XMR (~$38).

It’s a good deal for a site owner and we like the idea of Coinhive. But we also feel it’s not ready for prime time yet. We will give you one good reason for that.

It’s not possible to determine the computing potential of every visitor’s machine and set the mining throttle to a suitable value. If you set it too high, the visitor’s PC performance will be crippled and they will never visit the site again. And if you set it too low, you will not earn enough to keep the blog going.

“We do not claim that Coin Hive is malicious, or even necessarily a bad idea,” noted Adam Kujawa, director of Malwarebytes Labs. “The concept of allowing folks to opt-in for an alternative to advertising, which has been plagued by everything from fake news to malvertising, is a noble one. The execution of it is another story.”

Both AdGuard and Malwarebytes give end users who want to support a site using Coinhive the option of accessing the mining script. In announcing the move, Malwarebytes wrote: “The reason we block Coinhive is that there are site owners who do not ask for their users’ permission to start running CPU-gorging applications on their systems.

A regular Bitcoin miner could be incredibly simple or a powerhouse, depending on how much computing the user running the miner wants to use. The JavaScript version of a miner allows customization of how much mining to do, per user system, but leaves that up to the site owner, who may want to slow down your computer experience to a crawl.”

Hearing everyone’s plea and seeing all the fuss about the abuse, Coinhive has come up with a way of dealing with this issue. It’s called AuthedMine. As per Coinhive, it is similar to the previous cryptocurrency miner but with one crucial addition: a user consent page.

“AuthedMine enforces an explicit opt-in from the end user to run the miner. We have gone to great lengths to ensure that our implementation of the opt-in cannot be circumvented and we pledge that it will stay this way. The AuthedMine miner will never start without the user’s consent.”

So, what if you don’t like websites mining crypto-currency using your computer’s power?

If you are a geek, you probably already know the trick. Hint: use script blockers like uBlock Origin.

But if you are a normal user, install AdGuard’s extension on your browser and you will be good to go. Here is a screenshot of how AdGuard reacts to a website running a crypto-mining script in the backend.
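A script blocker acts on signals like the ones checked here. This added example (not from the original article or from Coinhive) scans a page's HTML for the stock Coinhive and AuthedMine embeds and reports the configured throttle; the hostnames and the `CoinHive.Anonymous` / `throttle` names are assumed from Coinhive's published embed snippet, and the sample page is constructed.

```javascript
// Added example, not from the article. Hostnames and API names are assumed
// from Coinhive's published embed snippet; the sample HTML is constructed.
const MINER_HOSTS = { 'coinhive.com': 'no-consent-screen', 'authedmine.com': 'opt-in' };

function hostOf(src) {
  // Resolve relative and protocol-relative URLs against a dummy base.
  try { return new URL(src, 'https://page.invalid/').hostname; }
  catch (e) { return null; }
}

function findMinerIndicators(html) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    // 1. Library loaded from a known miner host (or a subdomain of it).
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    const host = src ? hostOf(src[1]) : null;
    for (const [known, consent] of Object.entries(MINER_HOSTS)) {
      if (host && (host === known || host.endsWith('.' + known))) {
        findings.push({ type: 'library', host, consent });
      }
    }
    // 2. Inline start-up code; throttle is the fraction of time threads idle.
    const ctor = /\bCoinHive\.(Anonymous|User)\s*\(([^)]*)\)/.exec(body);
    if (ctor) {
      const t = /throttle\s*:\s*([0-9]*\.?[0-9]+)/.exec(ctor[2]);
      findings.push({ type: 'miner-init', kind: ctor[1],
                      throttle: t ? Number(t[1]) : null });
    }
  }
  return findings;
}

// Constructed sample page: stock embed with a placeholder site key.
const SAMPLE_PAGE = `
<html><head>
<script src="/js/site.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.2});
  miner.start();
</script>
</head><body>...</body></html>`;

console.log(findMinerIndicators(SAMPLE_PAGE));
```

This catches only the stock embed; a self-hosted or renamed copy of the library needs other signals, such as sustained CPU load from the tab.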

Using Coinhive’s crypto-mining script is definitely a great deal for blog owners. But unfortunately, it’s bad news for visitors, as their CPU’s power is continuously being eaten, which takes a huge toll on their electricity bills.

So, we suggest our users be extra cautious while visiting sites on the internet from now on. And if you like some website or blog and want to support it, you may allow it to mine cryptocurrency using your computer’s energy.

 

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
