Beware of websites with cryptominer embedded as it could impact your computer speed while you lend your CPU resources to help mine cryptocurrency.
You may have noticed that certain websites put significant load on your CPU and slow it down. Aside from the possibility that you may not have the best hardware, the slowdown could be due to a JavaScript miner embedded in the website. Instead of getting bombarded with annoying ads, you may now be getting an ad-free experience while unknowingly lending your computing resources to help mine cryptocurrency—in this case Monero, a privacy-focused alternative to the ever-popular Bitcoin.
CPU load after website with cryptominer starts mining
Today, any webmaster can sign up for new services such as Coinhive or JSEcoin and start profiting from your visits. For the past several days, Avast has detected Coinhive miner. As one of the top 10 detections, it should come as no surprise that many well-known and legit websites use this type of monetization.
Detection for JS:Miner-C[Trj] miner for past 7 days
updated 10-14-17
Easy to use, this miner brings opportunity to everyone. You don't have to edit, or even look at, the source code. Full plugins for content management servers (CMSs) such as WordPress are ready to be installed, and, after some small configurations, everybody can start mining.
Mining plugin for WordPress
Monero is a cryptocurrency that has the same advantages as any other variant of cryptocurrency. Cryptocurrency attracts users for two reasons—the transactions are untraceable and the mining yields profit.
Let’s compare Monero with the more well-known Bitcoin. High-end miners nowadays use only special hardware for mining Bitcoin, and this gives them significant advantage over users that mine on standard PCs or laptops. China is known for Bitcoin farms where old warehouses are stuffed with custom hardware that runs 24/7. They comprise approximately 70% of the world’s Bitcoin miners. This means it is almost completely pointless for any ordinary computer user to attempt to participate in the mining process and waste electricity for Bitcoin. (There are also privacy issues with Bitcoin, as one can also check what balance is in a Bitcoin wallet without any restrictions.)
In contrast, the Monero mining algorithm was specifically designed to work onordinary computers owned by the general public. This is also the goal of other cryptocurrencies like Litecoin.
Source code of sample with implemented miner
Code implementation in WordPress
The Coinhive website has very clear instructions on how to implement its miner, even including a simple formula for calculating potential profits. Already, we’ve noticed unusual creativity in the way the miner is being implemented. For example, we stumbled upon an image file which embedded this particular JavaScript miner from Coinhive. Below you can see the code as well as the image with the embedded miner.
PNG file code view
Miner inside of image file
Avast antivirus products detect these embedded miners. In addition, there are a few other strategies you can employ to see if your browser is mining:
Extensions from Chrome Web Store
Privacy options of Chrome browser
Here’s the bottom line: based on our recent observations, web mining is a new trend used by content owners to monetize page visits. What makes this new trend unique is that unlike typical ads which are overt, mining is covert. This kind of invisibility and clandestine approach to “using visitors” will undoubtedly raise new questions around legality and might even push this new strategy closer towards the dark zone of the internet. While we don’t have all the answers yet, we’re certainly asking the questions. Our intention is to keep you fully informed and invite you to what will surely be a lively conversation around online privacy … and more. Stay tuned.
1988 - 2021 Copyright © Avast Software s.r.o. | Sitemap Privacy policy