Results 1 to 2 of 2

Thread: A surge of sites and apps are exhausting your CPU to mine cryptocurrency

  1. #1
    Elder Arcanist
    Ackar's Avatar
    Join Date
    Jul 2003
    Posts
    10,761

    A surge of sites and apps are exhausting your CPU to mine cryptocurrency

    A surge of sites and apps are exhausting your CPU to mine cryptocurrency

    The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites.

    The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App.

    Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms—including Magento, Joomla, and Drupal—are also being hacked in large numbers to run the Coinhive programming interface.

    Earlier this month, political fact-checking site Politifact.com was found hosting Coinhive scripts in a way that exhausted 100 percent of visitors computing resources. A PolitiFact official told Ars the incident occurred when "an unidentified hacker attached a crypto mining script to the PolitiFact code base being stored on a cloud-based server." The code has since been removed and was active only when people had a politifact.com window open in their browser.

    Don't look, don't tell

    Coinhive presents its service as a way end users can support sites without viewing online ads, which are often criticized for containing malware that surreptitiously infects visitors with ransomware, password stealers, and other malicious wares. And in fairness, the service only consumes 100 percent of a visitor's computing resources when the Coinhive's interfaces are being abused. Still, Coinhive doesn't require third-party sites to tell visitors their computers and electricity are being consumed in exchange for visiting the site. Coinhive has also done nothing to prevent sites from abusing its programming interface in a way that completely drains visitors' resources.

    Ad blocker AdGuard recently reported that 220 sites on the Alexa top 100,000 list serve crypto mining scripts to more than 500 million people. In three weeks, AdGuard estimated, the sites generated a collective $43,000. Both AdGuard, antimalware provider Malwarebytes, and a variety of their peers have recently started blocking or restricting access to Coinhive crypto mining. Both AdGuard and Malwarebytes give end users who want to support a site using Coinhive the option of accessing the mining script. In announcing the move, Malwarebytes wrote:

    The reason we block Coinhive is because there are site owners who do not ask for their users' permission to start running CPU-gorging applications on their systems. A regular Bitcoin miner could be incredibly simple or a powerhouse, depending on how much computing the user running the miner wants to use. The JavaScript version of a miner allows customization of how much mining to do, per user system, but leaves that up to the site owner, who may want to slow down your computer experience to a crawl.
    Coinhive's massive Web audience isn't lost on other companies. Collin Mulliner, a security researcher and developer of TelStop, said he recently received an e-mail from a startup called Medsweb inviting him to integrate a Monero miner into his creation. "If your app is deployed on thousands/millions of devices, you can monetize it with monero mining and earn really huge income," the unsolicited e-mail stated. "We manage all the complexity of backend servers and mining operations and you get a really simple control panel to monitor your hashrate and earnings."

    Malwarebytes noted that Coinhive recently introduced authedmine.com, a service that requires third-party sites received explicit permission of end users before using their computers to mine digital coins. But the antimalware provider went on to point out that coinhive.com remains active and continues to require no end-user notice at all. As the recent discovery of the Android apps and the more than 500 hacked websites makes clear, Coinhive continues to turn a blind eye to the abuse of its service in much the way adware providers did in the early 2000s.

  2. #2
    Elder Arcanist
    Ackar's Avatar
    Join Date
    Jul 2003
    Posts
    10,761

    Re: A surge of sites and apps are exhausting your CPU to mine cryptocurrency

    Cryptojacking craze that drains your CPU now done by 2,500 sites

    A researcher has documented almost 2,500 sites that are actively running cryptocurrency mining code in the browsers of unsuspecting visitors, a finding that suggests the unethical and possibly illegal practice has only picked up steam since it came to light a few weeks ago.

    Willem de Groot, an independent security researcher who reported the findings Tuesday, told Ars that he believes all of the 2,496 sites he tracked are running out-of-date software with known security vulnerabilities that have been exploited to give attackers control. Attackers, he said, then used their access to add code that surreptitiously harnesses the CPUs and electricity of visitors to generate the digital currency known as Monero. About 80 percent of those sites, he added, also contain other types of malware that can steal visitors' payment card details.

    "Apparently, cyberthieves are squeezing every penny out of their confiscated assets," he said.

    One of the affected sites is shop.subaru.com.au. When I visited the site on Tuesday, the fan on my MacBook Pro, which I hadn't heard in months, soon started whirring. The activity monitor showed that about 95 percent of the CPU load was being consumed. As soon as I closed the site, the load dropped to about 9 percent. Besides putting a noticeable strain on my computer, the site also draws additional electricity from my office. The arrangement allows the attackers to reap the benefit of my hardware and electricity without providing anything to me in return. A recent report from security firm Trustwave's SpiderLabs estimated that the electricity cost for a single computer could range from about $2.90 to $5 per month, presumably if the cryptomining page was left open and running continuously over that time. The figure doesn't include the wear and tear on hardware as it performs complex mathematical problems required to generate the digital coins.

    The site that makes all of this possible is Coinhive.com, which Ars covered last week. It offers an easy-to-use programming interface that any website can use to turn visitors' computers into vehicles for generating—or in the parlance of cryptocurrency people, mining—Monero. Coinhive gives participating sites a tiny cut of the proceeds and pockets the rest. Coinhive doesn't require that sites provide any notice to users.

    de Groot said that about 85 percent of the 2,496 sites he tracked are generating currency on behalf of just two Coinhive accounts. Depending on the total number of visitors, the amount of time they stay on an affected site, and the power of their computers, the revenue collected by those accounts could be considerable, as would be the total amount of additional charges those accounts made to visitors' electric bills. The remaining 15 percent were spread over additional Coinhive accounts, but de Groot has evidence suggesting those accounts are controlled by a single individual or group. Most of the affected sites concealed the connection to Coinhive by adding a link to the domain siteverification.online or one masquerading as a Sucuri firewall. Those disguised sites, in turn, hosted the crypto-mining JavaScript that interacted with Coinhive.

    de Groot's findings suggest that drive-by cryptomining has grown more widespread in the week since Ars first covered it or at least that the phenomenon shows no signs of abating. The earlier Ars article cited research from security firm Sucuri that found 500 sites running hacked versions of the WordPress content management system that were participating in the Coinhive mining. Ars also reported that two Android apps with as many as 50,000 downloads from Google Play had recently been caught putting cryptominers inside hidden browser windows. On Wednesday, researchers from Ixia reported finding two additional such apps with as many as 15 million downloads combined. (In fairness, one of the apps informed users it would use their phone's idle time to generate coins and provided a way for that default setting to be turned off. The apps have since been modified to curtail the practice.)

    There are other indications that the in-browser cryptomining racket is getting worse. In a report published Tuesday, endpoint security provider Malwarebytes said that on average it performs about 8 million blocks per day to unauthorized mining pages.

    People who want to avoid these cryptojacking scams can use Malwarebytes or another antivirus program that blocks abusive pages, install this Chrome extension, or update their computer host file to block coinhive.com and other sites known to facilitate unauthorized mining. As the phenomenon continues to grow and attract copycat services, blocklists will likely have to be updated, requiring regular updates to blocklists as well.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •