Think You Can’t Be a Victim of Cryptojacking? 1 Billion Users Hit by 4 Websites Alone!
We have seen multiple reports so far focusing on how websites use their visitors' machines to mine for cryptocurrencies, especially Monero. The epidemic that first made it to the headlines thanks to ThePirateBay appears to have grown at an alarming speed. Security researchers have now revealed that up to 1 billion users of streaming services may have been victims of cryptojacking.
Cryptojacking continues to gain popularity thanks to ad blocker circumvention
In research published earlier today, AdGuard said stealth mining of cryptocurrency is becoming extremely popular with website operators trying to monetize their traffic. But just how bad is this situation? AdGuard is putting the number of victims at over 1 billion users. In their research, security experts have only focused on 4 popular websites that have an aggregated audience of 1 billion visitors.
"While analyzing the first complaints, we came across several VERY popular websites that secretly use the resources of users' devices for cryptocurrency mining and were avoiding ad blockers so far," the researchers wrote. "According to SimilarWeb, these four sites register 992 million visits monthly."
And the total monthly earnings from crypto-jacking, taking into account the current Monero rate, can reach $326,000. These are simply outrageous figures, especially if we add them to the results of our previous research.
The culprits covered in this particular research include:
- Openload and oload.stream (estimated monthly earnings = $95,000)
- Streamango.com (estimated monthly earnings = $7,200)
- Rapidvideo.com (estimated monthly earnings = $25,000)
- OnlineVideoConverter.com (estimated monthly earnings = $200,000!)
Most of the popular websites that are getting on this new trend appear to be streaming related. In the case of Openload, for example, users don't need to visit the site itself to be a victim, since it's often used as an embedded video player on other sites. A number of sites that aggregate entertainment content link to different players, Openload being one of the most popular. When a user then loads this player, the mining script is loaded as well.
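Because the exposure comes through embeds rather than direct visits, a site owner can audit their own pages for players served from the hosts named in the list above. The following is an added example, not code from the article or from AdGuard; the set of tags checked is an assumption and the sample HTML is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts named in the article's list (lowercased). Openload's own domain is not
# spelled out on the page, so only oload.stream is listed for it.
REPORTED_HOSTS = {"oload.stream", "streamango.com", "rapidvideo.com",
                  "onlinevideoconverter.com"}
EMBED_TAGS = {"iframe", "script", "embed", "object", "video", "source"}  # assumption

def reported_host(url):
    """Return the reported domain that `url` belongs to, or None."""
    # urlsplit also handles protocol-relative URLs (//host/path).
    host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    for domain in REPORTED_HOSTS:
        # Match the domain itself or a subdomain, never a bare substring.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

class EmbedAuditor(HTMLParser):
    """Collects (tag, url, domain) for embeds served from reported hosts."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in EMBED_TAGS:
            return
        for name, value in attrs:
            # <object> carries its URL in data=, the other tags in src=.
            if name in ("src", "data") and value:
                domain = reported_host(value)
                if domain:
                    self.findings.append((tag, value, domain))

def audit(html):
    auditor = EmbedAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """
<iframe src="//oload.stream/embed/EXAMPLE"></iframe>
<iframe src="https://www.Rapidvideo.com/e/EXAMPLE"></iframe>
<script src="https://cdn.example.org/notstreamango.com.js"></script>
<iframe src="https://notrapidvideo.com/e/EXAMPLE"></iframe>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only the first two embeds in the sample are reported; the look-alike host and the file name that merely contains a listed domain are ignored.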
While it was clear that every criminal and non-criminal was jumping onboard the cryptocurrency trend, the sheer growth of these attacks (yes, it is an attack if the websites don't ask for user permission first) is almost unbelievable. Previously, a report showed that over 70% of all cryptocurrency exchanges have been targets of DDoS. While those attacks may need technical expertise, running a free cryptojacking script requires nothing. The latest report confirms that ordinary internet users are the easiest targets, with their machines being used to mine coins and make profits without their knowledge.
As mentioned in our earlier posts, extensions like AntiMiner and No Coin, adblockers like AdGuard and some antivirus products can help you deal with cryptojackers.