Hackers mine Monero using visitors’ browsers without their knowledge
Update Monday, January 29, 2018 4:00 PM CET: Arenavision reached out to Avast on Twitter, claiming their site was hacked on January 16, 2018. Avast reexamined the JQuery file and can confirm the site is now clean and does not contain any mining algorithms. The below post has been updated to reflect this.
A popular site used to stream sporting events such as soccer, basketball, tennis, and other sports is mining cryptocurrencies using CoinHive, without site visitors’ permission. The site, arenavision[dot]in, is mostly visited by Spanish users, followed by Portuguese, and Mexican users, according to Alexa.
Crypto coins are generated by solving a complex mathematical problem that meets certain criteria. The result confirms a set of transactions. If such result is found, the first miner to publish it receives a reward and the transaction fees from the given set.
It isn’t surprising to see a site like Arenavision being abused for mining. The longer visitors stay on a page, the more can be mined. Soccer games, for example, last 90 minutes and most viewers probably watch entire matches, giving hackers time to mine.
According to SimilarWeb, Arenavision was visited 6.6 million times in December, with the average visit duration being about three minutes and 30 seconds. Taking into consideration most visitors probably visit the site using a laptop or PC, for a better viewing experience, we estimate six million visitors frequented the site using a laptop or PC in December.
We roughly estimate that $840 is earned on a monthly basis, based on the site data from December 2017, just from visitors going to the Arenavision homepage. If this had gone unnoticed, hackers would have continued profiting from the miner. We calculated the estimated monthly profit by first calculating my computer’s hashrate (40 hashes per second) using CoinHive, which is the service that was used to mine, and using the site CryptoCompare to calculate how much money I would earn if I mined non-stop on my work PC for a month. As we know, the average time spent on the website was three minutes and 30 seconds in December. I also took into consideration that CoinHive gets a 30% pool fee, which yields $360.
We were, unfortunately, unable to find sufficient data to calculate how much was earned by mining on arenavision2017[dot]ga, the site Arenavision users are redirected to, to view sporting events.
While still in its infancy, cryptomining via websites falls into a bit of an ethical gray area. Although Arenavision claims their site was hacked, a few websites already fairly use cryptocurrency miners for financial gain, providing site visitors with the option to view ads, or enjoy an ad-free experience in exchange for mining.
However, in most cases, mining scripts are installed and run without notifying users. Running mining server farms to legally and quickly mine cryptocurrencies requires a high financial investment both for the infrastructure and electricity. To avoid high costs, many are starting to mine using browser code, using existing PCs of random, unknowing users to mine and make a profit.
Cryptocurrency mining programs cause the browser to perform at a slower rate, exhausting a system’s battery power faster than usual. Visitors of websites will notice their browser lagging or their computer running more slowly and noisily, but not much else.
Avast considers websites that mine for cryptocurrencies without asking for users permissions malicious and blocks scripts that try to mine in the background, behind users backs. We also block known, malicious mining programs.
How to find out if your browser is secretly mining, and what you can do about it
In addition to using antivirus products that detect unwanted browser mining, there are a few other strategies you can employ to see if your browser is mining: