Beware of websites with cryptominer embedded as it could impact your computer speed while you lend your CPU resources to help mine cryptocurrency.
CPU load after website with cryptominer starts mining
Today, any webmaster can sign up for new services such as Coinhive or JSEcoin and start profiting from your visits. For the past several days, Avast has detected Coinhive miner. As one of the top 10 detections, it should come as no surprise that many well-known and legit websites use this type of monetization.
Detection for JS:Miner-C[Trj] miner for past 7 days
Easy to use, this miner brings opportunity to everyone. You don't have to edit, or even look at, the source code. Full plugins for content management servers (CMSs) such as WordPress are ready to be installed, and, after some small configurations, everybody can start mining.
Mining plugin for WordPress
Monero is a cryptocurrency that has the same advantages as any other variant of cryptocurrency. Cryptocurrency attracts users for two reasons—the transactions are untraceable and the mining yields profit.
Let’s compare Monero with the more well-known Bitcoin. High-end miners nowadays use only special hardware for mining Bitcoin, and this gives them significant advantage over users that mine on standard PCs or laptops. China is known for Bitcoin farms where old warehouses are stuffed with custom hardware that runs 24/7. They comprise approximately 70% of the world’s Bitcoin miners. This means it is almost completely pointless for any ordinary computer user to attempt to participate in the mining process and waste electricity for Bitcoin. (There are also privacy issues with Bitcoin, as one can also check what balance is in a Bitcoin wallet without any restrictions.)
In contrast, the Monero mining algorithm was specifically designed to work onordinary computers owned by the general public. This is also the goal of other cryptocurrencies like Litecoin.
Source code of sample with implemented miner
Code implementation in WordPress
PNG file code view
Miner inside of image file
Avast antivirus products detect these embedded miners. In addition, there are a few other strategies you can employ to see if your browser is mining:
Extensions from Chrome Web Store
Privacy options of Chrome browser
Here’s the bottom line: based on our recent observations, web mining is a new trend used by content owners to monetize page visits. What makes this new trend unique is that unlike typical ads which are overt, mining is covert. This kind of invisibility and clandestine approach to “using visitors” will undoubtedly raise new questions around legality and might even push this new strategy closer towards the dark zone of the internet. While we don’t have all the answers yet, we’re certainly asking the questions. Our intention is to keep you fully informed and invite you to what will surely be a lively conversation around online privacy … and more. Stay tuned.
That .zip file looks legit, but it's actually a sneaky new way for cyber criminals to steal your info.
Information belonging to over 100 Italian banks breached by the Ursnif banking trojan was obtained by Avast Threat Labs, which then shared the data with as many of the victims as could be identified.