Is your browser getting exploited for cryptocurrency mining?

Alexej Savčin 14 Oct 2017

Beware of websites with an embedded cryptominer: they can slow your computer down while you lend your CPU resources to help mine cryptocurrency.

You may have noticed that certain websites put significant load on your CPU and slow it down. Aside from the possibility that you may not have the best hardware, the slowdown could be due to a JavaScript miner embedded in the website. Instead of getting bombarded with annoying ads, you may now be getting an ad-free experience while unknowingly lending your computing resources to help mine cryptocurrency—in this case Monero, a privacy-focused alternative to the ever-popular Bitcoin.


Image 1 - Monero Miner Blog Post

CPU load after website with cryptominer starts mining

Today, any webmaster can sign up for new services such as Coinhive or JSEcoin and start profiting from your visits. For the past several days, Avast has been detecting the Coinhive miner. It is one of our top 10 detections, so it should come as no surprise that many well-known and legitimate websites use this type of monetization.

Image_2_update_MoneroMinerBlogPost.png

Detection for JS:Miner-C[Trj] miner for past 7 days
updated 10-14-17

The miner is easy to use, which puts it within everyone's reach. You don't have to edit, or even look at, the source code. Full plugins for content management systems (CMSs) such as WordPress are ready to be installed, and, after some minor configuration, anybody can start mining.

 

Image 3 - Monero Miner Blog Post

Mining plugin for WordPress

Why Monero?

Monero is a cryptocurrency that has the same advantages as any other variant of cryptocurrency. Cryptocurrency attracts users for two reasons—the transactions are untraceable and the mining yields profit.

Let’s compare Monero with the more well-known Bitcoin. High-end miners nowadays use only special hardware for mining Bitcoin, and this gives them a significant advantage over users who mine on standard PCs or laptops. China is known for Bitcoin farms where old warehouses are stuffed with custom hardware that runs 24/7. They comprise approximately 70% of the world’s Bitcoin miners. This means it is almost completely pointless for any ordinary computer user to attempt to participate in the mining process and waste electricity for Bitcoin. (There are also privacy issues with Bitcoin, as anyone can check the balance of a Bitcoin wallet without any restrictions.)

In contrast, the Monero mining algorithm was specifically designed to work on ordinary computers owned by the general public. This is also the goal of other cryptocurrencies like Litecoin.

Image 4 - Monero Miner Blog Post

Source code of sample with implemented miner 

Image 5 - Monero Miner Blog Post

Code implementation in WordPress

The Coinhive website has very clear instructions on how to implement its miner, even including a simple formula for calculating potential profits. Already, we’ve noticed unusual creativity in the way the miner is being implemented. For example, we stumbled upon an image file which embedded this particular JavaScript miner from Coinhive. Below you can see the code as well as the image with the embedded miner.

Image 6 - Monero Miner Blog Post

PNG file code view

Image 7 - Monero Miner Blog Post

Miner inside of image file
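The article does not say how the sample image carried the script, so this added example (not Avast's detection logic) checks a file served as an image for three generic signs: a missing PNG signature, bytes appended after the IEND chunk, and script markers anywhere in the file. The marker patterns and all sample buffers are constructed assumptions; chunk CRCs are not verified.

```javascript
// Added example (Node.js). Marker patterns are assumptions, not taken from the article.
const PNG_SIG = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);
const SCRIPT_MARKERS = [/<script\b/i, /coinhive/i];

// Inspect the raw bytes of a file that claims to be an image.
function inspectImage(buf) {
  const text = buf.toString("latin1"); // 1 byte -> 1 char, so nothing is lost
  const report = {
    isPng: false,        // starts with the 8-byte PNG signature
    truncated: false,    // PNG signature present but no IEND chunk reached
    trailingBytes: 0,    // bytes that follow the IEND chunk
    markers: SCRIPT_MARKERS.filter(re => re.test(text)).map(re => re.source),
  };
  if (buf.length < 8 || !buf.subarray(0, 8).equals(PNG_SIG)) return report;
  report.isPng = true;

  // Walk the chunk list: 4-byte length, 4-byte type, data, 4-byte CRC.
  let off = 8;
  while (off + 12 <= buf.length) {
    const len = buf.readUInt32BE(off);
    const type = buf.toString("latin1", off + 4, off + 8);
    off += 12 + len;
    if (type === "IEND") {
      report.trailingBytes = Math.max(0, buf.length - off);
      return report;
    }
  }
  report.truncated = true;
  return report;
}

// Helper for the constructed samples only: builds a chunk with a zeroed CRC.
function chunk(type, data) {
  const head = Buffer.alloc(8);
  head.writeUInt32BE(data.length, 0);
  head.write(type, 4, "latin1");
  return Buffer.concat([head, data, Buffer.alloc(4)]);
}

// Constructed samples: a minimal PNG, the same PNG with markup appended,
// and an HTML document that merely carries an image file name.
const CLEAN_PNG = Buffer.concat([PNG_SIG, chunk("IHDR", Buffer.alloc(13)), chunk("IEND", Buffer.alloc(0))]);
const APPENDED_TEXT = '<script src="https://coinhive.com/lib/coinhive.min.js"></script>';
const APPENDED_PNG = Buffer.concat([CLEAN_PNG, Buffer.from(APPENDED_TEXT)]);
const HTML_AS_PNG = Buffer.from("<html><script>/* constructed */</script></html>");
```

A file with `isPng: false` plus markers, or with non-zero `trailingBytes`, deserves a closer look; trailing data alone is not proof of a miner, since some tools append metadata.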

How to find out if your browser is secretly mining, and what you can do about it

Avast antivirus products detect these embedded miners. In addition, there are a few other strategies you can employ to see if your browser is mining:

  • Check to see what scripts your browser has loaded. If you are registering significant CPU load yet there is only one tab in your browser and you are not running anything that should put significant load on your CPU, then odds are you’re being used to mine cryptocurrency.
  • If you discover that a site you visit is mining, and you use an ad blocker that lets you add additional URLs to its “block” list, add this website to your list.
  • Search the Chrome Web Store—or something similar—for “miner blockers” and see what comes up. Developers have already created ways to automatically detect mining and stop it from occurring.
Image 8 - Monero Miner Blog Post

Extensions from Chrome Web Store

  • If you really want to get serious about locking miners out, you can disable JavaScript in your browser. The unfortunate side effect, however, is that internet browsing will then have many limitations.
Image 9 - Monero Miner Blog Post

Privacy options of Chrome browser
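As an added example of the first check in the list above (not code from the original post or from Avast), this function reviews the scripts a page has loaded and flags external scripts served from miner-service domains and inline scripts that instantiate a miner. The domain list, the inline pattern and the sample page are assumptions constructed for illustration.

```javascript
// Added example: host list and inline pattern are assumptions, not from the article.
const MINER_HOSTS = ["coinhive.com", "jsecoin.com"];
const INLINE_MARKERS = [/CoinHive\.(Anonymous|User)\s*\(/i];

// True when host is the listed domain or one of its subdomains.
// A plain substring test would also flag look-alikes such as "notcoinhive.com".
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// scripts: array of { src, text }. In a browser console, build it with
//   Array.from(document.scripts, s => ({ src: s.getAttribute("src"), text: s.textContent }))
// pageUrl is used to resolve relative and protocol-relative src values.
function findMinerScripts(scripts, pageUrl, hosts = MINER_HOSTS) {
  const findings = [];
  for (const s of scripts) {
    if (s.src) {
      let host;
      try {
        host = new URL(s.src, pageUrl).hostname.toLowerCase().replace(/\.$/, "");
      } catch (e) {
        continue; // unparsable URL: nothing to match on
      }
      const hit = hosts.find(d => hostMatches(host, d));
      if (hit) findings.push({ kind: "external", src: s.src, matched: hit });
    } else if (s.text) {
      const marker = INLINE_MARKERS.find(re => re.test(s.text));
      if (marker) findings.push({ kind: "inline", matched: marker.source });
    }
  }
  return findings;
}

// Constructed sample: what a page's script list might look like.
const SAMPLE_PAGE = "https://news.example/article";
const SAMPLE_SCRIPTS = [
  { src: "/js/app.js", text: "" },
  { src: "https://cdn.example.org/jquery.min.js", text: "" },
  { src: "https://coinhive.com/lib/coinhive.min.js", text: "" },
  { src: "//notcoinhive.com/x.js", text: "" },
  { src: null, text: "var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();" },
];
```

Hosts reported by this check are the ones to add to an ad blocker's block list, as described in the second bullet.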

Conclusion

Here’s the bottom line: based on our recent observations, web mining is a new trend used by content owners to monetize page visits. What makes this new trend unique is that unlike typical ads which are overt, mining is covert. This kind of invisibility and clandestine approach to “using visitors” will undoubtedly raise new questions around legality and might even push this new strategy closer towards the dark zone of the internet. While we don’t have all the answers yet, we’re certainly asking the questions. Our intention is to keep you fully informed and invite you to what will surely be a lively conversation around online privacy … and more. Stay tuned.
