News Ticker
  • ThePlace, TheGeeks Invites available for sell! Message Thanos!
  • Empornium | Cinemageddon | Redacted | Pornbay | BeyondHD & many trackers Invites Available! Message Thanos!
  • Free IPtorrents & Bitspyder invite on Member Shop.
Sign in to follow this  

Not even ordering pizza is safe from the browser crypto-mining scourge

1 post in this topic

A total of 2,531 of the top 3 million websites (1 in 1,000) are running the Coinhive miner, according to new stats from analytics firm Red Volcano.

BitTorrent sites and the like were the main offenders but the batch also included the Ecuadorian Papa John's Pizza website [see source code].

JavaScript-based Coinhive crypto-mining software on websites is bad news for surfers because the technology can suck up power and resources without user consent.

Coinhive launched a service in September that allowed mining of a digital currency called Monero directly within a web browser. The simplicity of the Coinhive API integration made the approach successful but partly due to several initial oversights – most notably through a failure to enforce an opt-in process to establish user consent – the technology has been widely abused.

Some less than salubrious web portals started to run the Coinhive API in non-throttled mode, tying up users' machines in the process. In other cases hackers planted code crypto-mining software on third-party websites, a practice known as either crypto-jacking or drive-by mining.

Instances of crypto-mining code on webpages or buried within rogue smartphone apps keep rolling in.

Security vendor Ixia warns two games on the Google Play store, Puzzle and Reward Digger, by AK Games are actively mining cryptocurrency from thousands of infected Android mobile phones.

Android cryptocurrency mining malware can be quite lucrative for cybercriminals. For instance, total profits earned on one specific Magicoin wallet are equal to $1,150 at current exchange rates, according to Ixia's report. This makes cryptominers the next generation of adware software, Ixia concluded.

Elsewhere Netskope discovered a Coinhive miner installed as a plugin on a tutorial webpage for Microsoft Office 365 OneDrive for Business. The offending website –[.]net – removed the Coinhive plugin after it was notified about the issue. "The tutorial webpage hosted on the website was saved to the cloud and then shared within an organisation," according to Netskope.

Microsoft told El Reg that its "security software detects and blocks this application". Ad blockers and antivirus programs have also added features that block browser mining but few security watchers think this alone will bring the issue to heel. The opportunity to coin in cryptocurrency by enslaving the machines of others is just too tempting for unscrupulous websites and black hats.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this