CYBER NEWS

1 in 1,000 Websites Is Running the Coinhive Miner

New statistics reveal that 2,531 of the top 3 million websites are running the Coinhive miner, which amounts to 1 in 1,000 websites. To no one’s surprise, BitTorrent websites are the main perpetrators. But they are not the only ones. It turns out that even the Ecuadorian Papa John’s Pizza site contains the code.

Coinhive Is Being Widely Exploited by Thousands of Websites

Why is it bad for users? The Coinhive crypto-mining software is bad for online users because it gulps resources from the machines without the users’ knowledge or initial consent.

What is Coinhive? Coinhive was created in September. The software basically allows Monero mining directly within a browser. As explained by the developers of the software, Coinhive offers a JavaScript miner for the Monero Blockchain that can embed in a website. Users of the website run the miner directly in their browser and mine XMR for the website owner in turn for an ad-free experience, in-game currency or whatever incentives you can come up with.

Related Story: Monero Cryptocurrency to Follow Bitcoin in Criminal Popularity?

The software is easy to integrate with its API integration and offers simplicity. However, the failure to apply an opt-in process to provide user consent makes it somehow dubious. As a result, the software has been abused to an unbelievable extent.

Some somewhat suspicious websites started running the Coinhive API in non-throttled mode, binding users’ computers. There are other cases where attackers integrated the software on third-party websites. This is known as crypto-jacking also known as drive-by mining.

Android Devices Also at Risk of Mining

Not only desktop computers are at risk of mining. Security vendors are notifying that two games on the Google Play store, Puzzle and Reward Digger, are currently mining cryptocurrency from countless infected Android phones.

As we already wrote, cryptocurrency miners have successfully sneaked in the Google Play store. Researchers have found apps with malicious capabilities directed towards cryptocurrency mining. The apps were found to use dynamic JavaScript loading in combination with native code injection to bypass detection by security vendors. Read more about the incidents here.

Related Story: WaterMiner Monero Miner Is the Newest Cryptocurrency Malware

Furthermore, Netskope found a Coinhive miner installed as a plugin on a tutorial webpage for Microsoft Office 365 OneDrive for Business. The website removed the Coinhive plugin after it was informed about the issue. “The tutorial webpage hosted on the website was saved to the cloud and then shared within an organisation,” said Netskope.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...