It seems that one can never browse the net safely. The moment you are connected to the internet, your safety is at risk. In comes “Coinhive”, a cryptocurrency mining service/software that many cyber security firms have declared the top malicious threat to web users. Coinhive is implemented in a website by installing a small amount of computer code. Once run, this code tends to use up all the computing power of any browser that visits the website, in an attempt to use the visiting machine to mine the Monero cryptocurrency.
Monero is slightly different from Bitcoin in the sense that Monero transactions are virtually untraceable. It is stated to be quite difficult for a third party to track Monero transactions between two persons, making it the ultimate choice for cyber criminals. It all started with Coinhive releasing its mining code last year to website owners as a source of earning money without having to run irritating advertisements on their sites. However, this very soon became a security breach because the code started getting installed on hacked websites without the owners knowing about it. Once a user visits an infected website, the Coinhive code locks up the user’s browser and drains the device’s battery in the process of mining Monero coins; this continues for as long as the user is browsing the site.
As of today there are approximately 22031 websites running Coinhive’s JavaScript miner code, though not every one of these sites has necessarily installed the code intentionally. Another development over time is that the code has started appearing in a variety of places, depending on the ingenuity of the hacker. One of the most interesting implementations was seen in a Starbucks store in Buenos Aires, Argentina. The Wi-Fi network of the store had been modified in such a manner that any user trying to browse through the network would receive web pages embedded with Coinhive miner code. Another interesting deployment was seen on GitHub, wherein the miner code was loaded from GitHub repositories inside legitimate websites via hidden iframes. This is not a new method for malware delivery, but it is a first as far as in-browser mining script delivery is concerned. Coinhive was also reportedly discovered on the BlackBerry Mobile website. It was placed there by hackers who exploited a vulnerability in the site's e-commerce software that allowed them to anonymously mine cryptocurrency every time the website was viewed.
Now coming to the business model. What does Coinhive get out of all this? In step one, Coinhive distributes the code for cryptocurrency mining free to all website owners. In step two, whenever any user browses the site, the cryptocurrency mining software uses the computational power of the user’s desktop PC or laptop to mine cryptocurrency. In step three, Coinhive keeps 30% of whatever amount of Monero cryptocurrency is mined, whether or not the website has given consent to run it. The code is tied to a special cryptographic key that identifies which user account is to receive the other 70%. Whenever anybody complains about a specific deployment, Coinhive terminates the key. This doesn’t stop the malicious JavaScript from running; the only difference is that Coinhive now keeps 100% of the mined currency.
For the purpose of looking legitimate, Coinhive also has a version of its code called “AuthedMine”. This version of the code is designed to ask a website visitor for permission before running the Monero mining scripts. However, according to cyber security firm Malwarebytes, this version of the software is hardly used. As per telemetry data provided by Malwarebytes, AuthedMine is used in a little more than one percent of all cases that involve Coinhive’s mining code.
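For site owners who want to check their own pages for the embedding described above, here is an added example in Python (not Coinhive's code and not part of the original article) that flags miner script includes, inline site keys and hidden third-party iframes in a page's HTML. The script hostnames and constructor names are assumptions based on Coinhive's public documentation, and the sample page and its key are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption (not from the article): hosts/constructors as in Coinhive's public docs.
MINER_HOSTS = {"coinhive.com": "coinhive", "authedmine.com": "authedmine (opt-in)"}
KEY_RE = re.compile(r"CoinHive\.(?:Anonymous|User)\(\s*['\"]([A-Za-z0-9]+)['\"]")

# Constructed sample page; the site key is a placeholder.
SAMPLE = """<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('EXAMPLEKEY0000PLACEHOLDER');</script>
<iframe src="https://example.github.io/widget/" style="display: none"></iframe>
<script src="https://authedmine.com/lib/authedmine.min.js"></script>"""

def is_hidden(attrs):
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return ("display:none" in style or "visibility:hidden" in style or "hidden" in attrs
            or attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1"))

class MinerAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.in_script = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src") or ""
        host = (urlparse(src).hostname or "").lower()  # empty for relative URLs
        if tag == "script":
            self.in_script = True
            for domain, label in MINER_HOSTS.items():
                if host == domain or host.endswith("." + domain):
                    self.findings.append(("miner-script", label, src))
        elif tag == "iframe" and host and is_hidden(attrs):
            self.findings.append(("hidden-iframe", host, src))
    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
    def handle_data(self, data):
        if self.in_script:  # inline script body: pull out the account's site key
            self.findings += [("site-key", "inline", k) for k in KEY_RE.findall(data)]

def audit(html):
    parser = MinerAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A hidden iframe is only a lead to review, since it does not by itself prove mining; a recovered site key is the value to quote when reporting a deployment.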
Coinhive's version: Coinhive feels that it has introduced a legitimate way for website owners to earn revenue, wherein they replace advertisements with cryptocurrency mining code. They also suggest it as a way to generate in-game currency for online games. Quoting the developers, “We believe that in-browser mining could become a viable alternative to micro payments. Users pay with their CPU time and electricity in exchange for contents or services.”
The mobile industry is also not safe. Hackers have been targeting mobile users for cryptocurrency mining since 2014. Android users in particular should refrain from downloading and installing apps from untrusted app stores, and should rely only on Google Play or other genuine app stores for their app requirements. In the past a lot of shady apps have made it into Google Play, but at the end of the day Google does endeavor to find and remove them.