Updated Sketchy websites are increasingly using cryptocurrency mining as a source of income.
CoinHive – the most prevalent cryptocurrency mining code provider – and its clones are becoming an alternative to dodgy advertising affiliate programs and survey scams in many cases.
More than 220 websites – mostly porn sites and torrent trackers – silently launch mining threads when surfers visit their sites, according to a new study by Adguard. The consumer-focused security firm reckons at least $43K was mined in Monero, as of October 10, based on the average time spent on website. Cryptocurrency mining code contaminated websites with an aggregated audience of 500 million people.
Real Mad-quid: Murky cryptojacking menace that smacked Ronaldo site growsREAD MORE
Cryptojacking scripts sometimes turn up on mainstream websites. For example, TV channel Showtime and the official website of Real Madrid star Cristiano Ronaldo were both caught harbouring CoinHive code recently. Pirate Bay admitted that it had experimented with the technology, something that happened without telling users beforehand.
Security researchers such as Troy Mursch (aka Bad Packets) have found it difficult to get sites to act on reports of infection. This means it can be difficult to determine whether third party hackers have planted the code on insecure sites or whether it’s there as a sanctioned money making move. The anonymity offered by digital currencies adds to the confusion.
The largest website sporting mining code is the Dropbox clone uptobox.com, which is a top-1000 website, according to Alexa's worldwide rankings of sites by traffic, with 60 million-plus monthly visitors, Adguard reports.
The CoinHive team has called on website operators to inform their users about mining operations but there’s no facility to block misuse of the technology by the unscrupulous, according to Adguard, which adds that three more clones of CoinHive appeared over the three week period of its recent study.
Ad blockers and antivirus programs have added features that block browser mining. AdGuard has updated its apps to give users the choice to let a site mine, or to forbid it to launch mining in their browsers. Informed consent lies at the root of objections to cryptocurrency mining practices. Done with permission the technology offers an alternative revenue stream to publishers outside of online ads, which many find either intrusive or annoying.
An earlier study on how cryptocurrency mining is being abused can be found in a blog post by Malwarebytes here. ®
As a reader just emailed in to point out, El Reg ourselves have done this sort of thing in the past (just kidding – it was an April Fool's Day joke!)