So said security firm Malwarebytes in an analysis emitted on Monday, but Coinhive developers disputed those findings and argued that a third of cryptomining-using websites get their users' consent.
Cryptomining sees web page operators use visitors' computers to mine for the Monero cryptocurrency as they surf a site. Sometimes the mining is covert, as a result of mining malware infections. Publishers can also run miningware without explicitly telling users about their efforts. On other occasions publishers formally tell visitors they're helping them to raise funds by running mining code.
Coinhive tried to make the last cryptomining scenario legit by offering software that only works after users opt in. In October 2017 the outfit therefore introduced a new API (AuthedMine) that explicitly requires user input for any mining activity to be allowed.
READ MORE: Reg now behind invisible HTML5 Bitcoin paywall
Data from Malwarebytes, unveiled on Monday, said that in January and February 2018 the opt-in version of Coinhive was used by just 40,000 folk each day compared to three million users of its silent miner. The security software firm adds that even sites that do use the opt-in option may still be crippling machines by running an unthrottled miner, as was the case this month with Salon, a news website.
The developers of Coinhive disputed these figures. “We don't have statistics about the exact number of clients, but as for our raw hashrate: ~35% comes from AuthedMine,” the developers told El Reg via Twitter. “Many sites still use the classic implementation with their own (non intrusive) opt-in or with a prominent opt-out. Ultimately it's the decision of the website owners.”
Malwarebytes' findings were supported by security researcher Troy Mursch, who said its figures are consistent with his own research.
The Coinhive crew went on to claim that Malwarebytes blocks AuthedMine, too. “Attempts to get this resolved remained unanswered,” they said.
Malwarebytes' The State of Malicious Cryptomining report also notes how groups used the WannaCry vulnerabilities to infect servers with cryptomining packages, a tactic previously reported by El Reg. ®
Bootnote: The "Read More" box above links to our 2017 April Fool's Day prank, in which we joked that we'd added cryptomining to the site. Not many months later, actual cryptomining became prevalent.