Tuesday, February 18, 2025
HomeCryptocurrency hackOver 500 Million Users PC's are Secretly Mining CryptoCurrency in Browser without...

Over 500 Million Users PC’s are Secretly Mining CryptoCurrency in Browser without Users Knowledge

Published on

SIEM as a Service

Follow Us on Google News

Over 500 million computer are mining cryptoCurrency in their browsers without users knowledge by 100 of the website by injecting mining scripts in their browsers by secretly hijacks visitors CPU’s.

Crypto mining is not something like malware or any other malicious payload but its used by many top ranking websites for injecting a mining JavaScript into visitors browsers by hijacking the CPU process and Slow Down the computer using up processing power.

This impact has estimated as very huge which is around 500 Million users around the World because of 220 websites of 100k top ranking websites are using crypto-Mining scripts to inject the visitor’s browsers.

Also Read : Over 1.65 Million Users Infected By Malware Miners In 2017

These top order websites are Mining cryptocurrency for generating revenue through ads by injecting aa mining scripts into visitors browsers by abusing these website reputation especially they launch mining when a user opens their main page, with an aggregated audience of 500 million peoples.

Affected Countries – Mining CryptoCurrency

Affected Users Countries Estimated around the globe including USA, China, South American and European countries, Russia, India, Iran.

This CryptoMining website estimated joint profit at over US $43,000, and this money has been made in three weeks at almost zero cost.

According to AdGuard, Examining the website list more closely, we discovered that many of them are from the “gray zone”, mostly pirate TV and video sites, Torrent trackers and porn websites. Judging from these characteristics, we begin to wonder if browser mining is a bad thing and if it should be banned from the Internet.

In this case, Many of Top Oder website’s are using Most Popular CryptoCurrency and JSEcoin.

Fewdays Before security researcher Troy Mursch Discovered that Politifact.com using CoinHive and caused his computer’s CPU to run at its maximum capacity.

In fact, the largest torrent search engine, The Pirate Bay, that made CoinHive famous by being caught using it.

The company’s video streaming platforms are the exact type of websites that are good for mining: They boast a huge audience that keeps their site open in their browsers for a long time.

The ethical way for a website to earn money by mining through its audience’s computers is to ask the audience for permission first, and to allow them the possibility to opt out. Actually, such a practice could make mining even more ethical than ads. After all, nobody asks us if we would like to see ads on a website. adguard Said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Highly Obfuscated .NET sectopRAT Mimic as Chrome Extension

SectopRAT, also known as Arechclient2, is a sophisticated Remote Access Trojan (RAT) developed using...

Threat Actors Trojanize Popular Games to Evade Security and Infect Systems

A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of...

New Research Aims to Strengthen MITRE ATT&CK for Evolving Cyber Threats

A recent study by researchers from the National University of Singapore and NCS Cyber...

New LLM Vulnerability Exposes AI Models Like ChatGPT to Exploitation

A significant vulnerability has been identified in large language models (LLMs) such as ChatGPT,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Malicious Solana Packages Attacking Devs Abusing Slack And ImgBB For Data Theft

Malicious packages "solanacore," "solana login," and "walletcore-gen" on npmjs target Solana developers with Windows...

PHP Servers Vulnerability Exploited To Inject PacketCrypt Cryptocurrency Miner

Researchers observed a URL attempts to exploit a server-side vulnerability by executing multiple commands...

The Defender vs. The Attacker Game

The researcher proposes a game-theoretic approach to analyze the interaction between the model defender...