New statistics reveal that 2,531 of the top 3 million websites are running the Coinhive miner, which amounts to 1 in 1,000 websites. To no one’s surprise, BitTorrent websites are the main perpetrators. But they are not the only ones. It turns out that even the Ecuadorian Papa John’s Pizza site contains the code.
Coinhive Is Being Widely Exploited by Thousands of Websites
Why is it bad for users? The Coinhive crypto-mining software is bad for online users because it consumes their machines' resources without their knowledge or initial consent.
The software is simple to integrate through its API. However, its failure to apply an opt-in process for user consent makes it somewhat dubious. As a result, the software has been abused to an unbelievable extent.
Some somewhat suspicious websites started running the Coinhive API in non-throttled mode, tying up users’ computers. There are other cases where attackers integrated the software on third-party websites. This is known as crypto-jacking, or drive-by mining.
Android Devices Also at Risk of Mining
Desktop computers are not the only devices at risk of mining. Security vendors are warning that two games on the Google Play store, Puzzle and Reward Digger, are currently mining cryptocurrency from countless infected Android phones.
Furthermore, Netskope found a Coinhive miner installed as a plugin on a tutorial webpage for Microsoft Office 365 OneDrive for Business. The website removed the Coinhive plugin after it was informed about the issue. “The tutorial webpage hosted on the website was saved to the cloud and then shared within an organisation,” said Netskope.
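As an added illustration (not code from the article, Netskope or Coinhive), a defender can scan saved page HTML, such as a shared tutorial page or a site's own templates, for the Coinhive loader script and for a miner started in non-throttled mode. The sample pages and site key are constructed; the script name `coinhive.min.js` and the `throttle` option are assumptions taken from Coinhive's public JavaScript API, which the article does not spell out.

```python
import re

# Loader script tag pointing at coinhive.js / coinhive.min.js (assumed name).
LOADER_RE = re.compile(
    r"""<script[^>]+src=["'][^"']*coinhive(?:\.min)?\.js""", re.I)
# Miner construction, e.g. new CoinHive.Anonymous('KEY', {throttle: 0.3})
MINER_RE = re.compile(r"new\s+CoinHive\.(\w+)\s*\(([^)]*)\)")
# throttle = fraction of time the mining threads stay idle; absent means 0.
THROTTLE_RE = re.compile(r"throttle\s*:\s*([0-9]*\.?[0-9]+)")


def scan_html(html):
    """Report whether a page loads the miner and how each miner is throttled."""
    result = {"loader": bool(LOADER_RE.search(html)), "miners": []}
    for match in MINER_RE.finditer(html):
        option = THROTTLE_RE.search(match.group(2))
        throttle = float(option.group(1)) if option else 0.0
        result["miners"].append({
            "kind": match.group(1),
            "throttle": throttle,
            # No throttle option, or throttle 0, means the CPU is fully used.
            "unthrottled": throttle == 0.0,
        })
    return result


# Constructed sample pages (not taken from any real site).
SAMPLE_UNTHROTTLED = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('CONSTRUCTED_SITE_KEY'); m.start();</script>
</head><body>Tutorial</body></html>"""

SAMPLE_THROTTLED = """<html><head>
<script src='https://coinhive.com/lib/coinhive.min.js'></script>
<script>var m = new CoinHive.Anonymous('CONSTRUCTED_SITE_KEY', {throttle: 0.7});
m.start();</script></head></html>"""

SAMPLE_CLEAN = "<html><head><script src='/js/app.js'></script></head></html>"

if __name__ == "__main__":
    for name, page in [("unthrottled", SAMPLE_UNTHROTTLED),
                       ("throttled", SAMPLE_THROTTLED),
                       ("clean", SAMPLE_CLEAN)]:
        print(name, scan_html(page))
```

A static scan like this misses miners that are obfuscated, loaded from a renamed or proxied script, or injected at runtime, so it complements rather than replaces network-level blocking of the mining endpoints.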