Coinhive crypto-jacking increasingly pops up in top 3 million websites

Not even ordering pizza is safe from the browser crypto-mining scourge

A total of 2,531 of the top 3 million websites (1 in 1,000) are running the Coin Hive miner, according to new stats from analytics firm Red Volcano.

BitTorrent sites and the like were the main offenders but the batch also included the Ecuadorian Papa John's Pizza website [see source code].

JavaScript-based Coin Hive crypto-mining software on websites is bad news for surfers because the technology can suck up power and resources without user consent.

Coin Hive launched a service this year that allowed mining of a digital currency called Monero directly within a web browser. The simplicity of the Coin Hive integration made the approach successful, but partly due to several initial oversights – most notably a failure to enforce an opt-in process to establish user consent – the technology has been widely abused.

[Figure: Drive-by mining is the new drive-by downloading. Source: Malwarebytes white paper]

Some less than salubrious web portals started to run the Coin Hive JavaScript in non-throttled mode, tying up visitors' machines in the process. In other cases hackers planted crypto-mining code on third-party websites, a practice known as either crypto-jacking or drive-by mining, as security biz Malwarebytes put it.

[Figure: Top 10 countries exposed to drive-by mining. US and Spain top the list of countries most impacted by drive-by mining. Source: Malwarebytes]

Instances of crypto-mining code on webpages or buried within rogue smartphone apps keep rolling in.

Security vendor Ixia warns two games on the Google Play store, Puzzle and Reward Digger, by AK Games are actively mining cryptocurrency from thousands of infected Android mobile phones.

Android cryptocurrency mining malware can be quite lucrative for cybercriminals. For instance, total profits earned on one specific Magicoin wallet are equal to $1,150 at current exchange rates, according to Ixia's report. This makes cryptominers the next generation of adware software, Ixia concluded.

Elsewhere Netskope discovered a Coin Hive miner installed as a plugin on a tutorial webpage for Microsoft Office 365 OneDrive for Business. The offending website –[.]net – removed the Coin Hive plugin after it was notified about the issue. "The tutorial webpage hosted on the website was saved to the cloud and then shared within an organisation," according to Netskope.

Microsoft told El Reg that its "security software detects and blocks this application." Ad blockers and antivirus programs have also added features that block browser mining but few security watchers think this alone will bring the issue to heel. The opportunity to coin in cryptocurrency by enslaving the machines of others is just too tempting for unscrupulous websites and black hats. ®
