Website Owners Are “Cryptojacking” Their Visitors’ Computers to Mine for Cash
Attackers are increasingly using infected websites to mine cryptocurrency on the machines of the people who visit them. Security firm Trend Micro reports that high-traffic sites - like file sharing websites - have been found infected with code that uses visitors' machines for mining without their consent. Hundreds of websites were found carrying this malicious code.
"This is absolutely a numbers game," Rik Ferguson, vice-president of security research at Trend Micro, said. By targeting a wide range of websites and hundreds of thousands of site visitors, attackers can quickly generate cash online without having to invest resources themselves.
"There's a huge attraction of being able to use other people's devices in a massively distributed fashion because you then effectively take advantage of a huge amount of computing resources."
Some website owners "cryptojack" visitors on purpose, others get hacked
According to security experts, it is not always criminal groups infecting hundreds of thousands of websites to generate quick cash: some website owners deliberately deploy mining scripts that use their visitors' computers to mine cryptocurrency. Scanning the code behind a million of the most popular websites, security researchers found Coinhive - a popular, legitimate mining script - and a new JSE Coin script.
Coinhive suggests that a website that gets one million visitors in a month could make about $116 worth of Monero. Given the vast number of popular websites and the fact that this is essentially free money for attackers, many hackers are adopting this mining process. Popular, high-traffic websites like The Pirate Bay have been found carrying the script, whether knowingly or not. On many of the websites running these scripts, researchers said the script was concealed, suggesting a surreptitious injection.
This mining campaign is also casting legitimate mining scripts like Coinhive in a bad light. Even though the tools themselves are legitimate, they are mostly used for malicious purposes, by site owners who run them without user approval and without offering visitors a way to turn off cryptomining. In a statement to the BBC, Coinhive said that it has previously taken action against malicious use and continues to do so. "We had a few early users that implemented the script on sites they previously hacked, without the site owner's knowledge," they said.
"We have banned several of these accounts and will continue to do so when we learn about such cases." The developers also said that sites using the script are required to inform their users that their machines will be enrolled in a mining campaign.
Cloudflare, antivirus products, Chrome extensions, and some ad-blocking programs have also started to block mining scripts or alert users when they detect websites running them. While the world is busy with mega breaches like Equifax and the SEC and the fallout from the Petya and WannaCry ransomware, cryptojackers are quietly taking over online spaces, enslaving unwitting users' computers either through malware installed on their machines or by targeting the websites they visit.
- If you are on Chrome, you can use the AntiMiner and No Coin extensions, which block any site running the Coinhive script.