Posted on 10/13/2017 3:03:22 AM PDT by markomalley
Updated Sketchy websites are increasingly using cryptocurrency mining as a source of income.
CoinHive – the most prevalent cryptocurrency mining code provider – and its clones are becoming an alternative to dodgy advertising affiliate programs and survey scams in many cases.
More than 220 websites – mostly porn sites and torrent trackers – silently launch mining threads when surfers visit their sites, according to a new study by Adguard. The consumer-focused security firm reckons at least $43K was mined in Monero, as of October 10, based on the average time spent on website. Cryptocurrency mining code contaminated websites with an aggregated audience of 500 million people.
Cryptojacking scripts sometimes turn up on mainstream websites. For example, TV channel Showtime and the official website of Real Madrid star Cristiano Ronaldo were both caught harbouring CoinHive code recently. Pirate Bay admitted that it had experimented with the technology, something that happened without telling users beforehand.
Security researchers such as Troy Mursch (aka Bad Packets) have found it difficult to get sites to act on reports of infection. This means it can be difficult to determine whether third party hackers have planted the code on insecure sites or whether it’s there as a sanctioned money making move. The anonymity offered by digital currencies adds to the confusion.
The largest website sporting mining code is the Dropbox clone uptobox.com, which is a top-1000 website, according to Alexa's worldwide rankings of sites by traffic, with 60 million-plus monthly visitors, Adguard reports.
The CoinHive team has called on website operators to inform their users about mining operations but there’s no facility to block misuse of the technology by the unscrupulous, according to Adguard, which adds that three more clones of CoinHive appeared over the three week period of its recent study.
Ad blockers and antivirus programs have added features that block browser mining. AdGuard has updated its apps to give users the choice to let a site mine, or to forbid it to launch mining in their browsers. Informed consent lies at the root of objections to cryptocurrency mining practices. Done with permission the technology offers an alternative revenue stream to publishers outside of online ads, which many find either intrusive or annoying.
An earlier study on how cryptocurrency mining is being abused can be found in a blog post by Malwarebytes here. ®
Updated at 0803 UTC on 13 October to add: Uptobox.com said that it had it removed CoinHive JavaScript code from its site after completing tests. “Ads are better :),” it told El Reg.
As a reader just emailed in to point out, El Reg ourselves have done this sort of thing in the past (just kidding – it was an April Fool's Day joke!)
Seems like it’s just another form of currency to me. Cash or Bitcoins, they both come from Ads.
I read the whole article and still have no idea what it was about. Can someone translate it in 25 words or less?
Internet sites are using YOUR computer without your consent to make money - i.e. they are using you property without permission and you get no compensation.
People stealing computing cycles (and thus cost of energy, bandwidth) in order to mint crypto currency (bitcoin et al).
While the amount of energy stolen for you can be mere cents per day, in aggregate they can be stealing upwards of 100’s of dollars a day from people who visit their website.
Thank you.
Block Coinhive.com in your adblocker, firewall and/or hosts file.
Most of these clowns use it without any configuration parameters which means your CPU usage shoots up to 100%.
At least a friend tells me that’s so ;)
BTTT
If you aren’t using Bitcoin or something close to it, what is the risk?
“Internet sites are using YOUR computer without your consent to make money - i.e. they are using you property without permission and you get no compensation.”
The question is HOW? I know what cryptocurrency is but how do they “mine” it? If you have Bitcoin are they transferring a portion of it value to their computer?
To “mine” - you need cpu power (or gpu) - in other words, the site you visit secretly lets your computer do some work computing the next “coin” - if enough ppl visit the site, there are then hundreds of computers all working for the site. It costs them nothing to let this run on your computer but they get all of the profit if the “mine” a new coin.
As to “mining” - it is actually rather complicated, but, in a nutshell, a unique value needs to be crpytographically computed which then becomes the coin. When these things start, a coin can be mined in a matter of minutes on a simply computer. After a while it gets harder and harder to comute the value and entire server clusters are used and it can take days or weeks.
So, if a site can “borrow” your CPU to take care of some of the load, they have more power to compute without buying more hardware.
“...in a nutshell, a unique value needs to be crpytographically computed which then becomes the coin.”
Here is where you lost me. How do they “cryptographically compute” a value?
Ping!
They wave a magic wand!
Well, I did say it is complicated. What it means it that someone is able to compute a value based on a specific set of rules (algorith) that is unique and then encrypts that value - now that it is encrypted, the value can be verified but NOT recreated by someone else (don't ask why / how) - that encrypted value is the "coin".
Academically, this is quite interesting - I would not invest in it though ...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.