1 in 1,000 Websites Is Running the Coinhive Miner


New statistics reveal that 2,531 of the top 3 million websites are running the Coinhive miner, which amounts to 1 in 1,000 websites. To no one’s surprise, BitTorrent websites are the main perpetrators. But they are not the only ones. It turns out that even the Ecuadorian Papa John’s Pizza site contains the code.

Coinhive Is Being Widely Exploited by Thousands of Websites

Why is it bad for users? The Coinhive crypto-mining software is bad for online users because it consumes resources on their machines without their knowledge or initial consent.

What is Coinhive? Coinhive was created in September. The software allows Monero mining directly within a browser. As explained by the developers of the software, Coinhive offers a JavaScript miner for the Monero Blockchain that can be embedded in a website. Users of the website run the miner directly in their browser and mine XMR for the website owner in return for an ad-free experience, in-game currency or whatever incentives you can come up with.

The software is simple and easy to integrate through its API. However, it does not apply an opt-in process to obtain user consent, which makes it somewhat dubious. As a result, the software has been abused to an unbelievable extent.

Some questionable websites started running the Coinhive API in non-throttled mode, tying up users’ computers. In other cases, attackers integrated the software into third-party websites. This is known as crypto-jacking, or drive-by mining.
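For site owners and defenders who want to check pages for the embed described above, here is an added example (not code from this article or from Coinhive): a small Node.js scan of page HTML that reports whether a Coinhive miner is present and whether it runs unthrottled. The script URL pattern, the `CoinHive.Anonymous`/`User`/`Token` constructor names and the `throttle` option are assumptions modelled on Coinhive's public embed; the sample pages and site key are constructed.

```javascript
// Added example (not from the article or Coinhive). Patterns are assumptions
// modelled on Coinhive's public embed; they are not an exhaustive signature set.
const LOADER_RE = /<script[^>]+src\s*=\s*["']?([^"'\s>]*coinhive(?:\.min)?\.js[^"'\s>]*)/gi;
const MINER_RE = /new\s+CoinHive\.(Anonymous|User|Token)\s*\(([^)]*)\)/g;
const THROTTLE_RE = /throttle\s*:\s*([0-9]*\.?[0-9]+)/;

// Scan one page's HTML; report loader URLs, miner constructors and a verdict.
function scanForCoinhive(html) {
  const loaders = [...html.matchAll(LOADER_RE)].map((m) => m[1]);
  const miners = [...html.matchAll(MINER_RE)].map((m) => {
    const t = THROTTLE_RE.exec(m[2]);
    // Assumption: an omitted throttle option means the miner never idles (0).
    const throttle = t ? parseFloat(t[1]) : 0;
    return { kind: m[1], throttle, unthrottled: throttle === 0 };
  });
  let verdict = 'clean';
  if (miners.some((m) => m.unthrottled)) verdict = 'miner-unthrottled';
  else if (miners.length > 0) verdict = 'miner-throttled';
  else if (loaders.length > 0) verdict = 'loader-only';
  return { verdict, loaders, miners };
}

// Constructed sample pages; the site key is a placeholder.
const SAMPLES = {
  unthrottled: `<html><body>
    <script src="https://coinhive.com/lib/coinhive.min.js"></script>
    <script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');
      miner.start();</script></body></html>`,
  throttled: `<html><body>
    <script src="https://coinhive.com/lib/coinhive.min.js"></script>
    <script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', { throttle: 0.7 });
      miner.start();</script></body></html>`,
  loaderOnly: `<html><head><script async src='//coinhive.com/lib/coinhive.min.js'></script></head></html>`,
  clean: `<html><body><script src="/static/app.js"></script><p>Pizza menu</p></body></html>`,
};

for (const [name, html] of Object.entries(SAMPLES)) {
  const result = scanForCoinhive(html);
  console.log(`${name}: ${result.verdict}`, result.loaders, result.miners);
}
```

A static scan like this only sees embeds present in the delivered HTML; a miner loaded dynamically or under a renamed script will not match these patterns.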

Android Devices Also at Risk of Mining

Desktop computers are not the only devices at risk of mining. Security vendors are warning that two games on the Google Play store, Puzzle and Reward Digger, are currently mining cryptocurrency from countless infected Android phones.

As we already wrote, cryptocurrency miners have successfully sneaked into the Google Play store. Researchers have found apps with malicious capabilities directed towards cryptocurrency mining. The apps were found to use dynamic JavaScript loading in combination with native code injection to bypass detection by security vendors.

Furthermore, Netskope found a Coinhive miner installed as a plugin on a tutorial webpage for Microsoft Office 365 OneDrive for Business. The website removed the Coinhive plugin after it was informed about the issue. “The tutorial webpage hosted on the website was saved to the cloud and then shared within an organisation,” said Netskope.