Skip to content

Web browser exploration breeds a new scam instead of killing ads

Get trading recommendations and read the analysis on for only $ 39 a month

The author, David Balaban, is a researcher in computer security with more than 15 years of experience in the malware analysis and evaluation of antivirus software.

Coinhive The first browser-based cryptocurrency project becomes a source of revenue for Internet criminals. Its evolution is rapidly evolving from the monetization of website traffic to a workflow that crypto-crooks benefit from.

Coinhive is a Java solution that anyone can download and integrate into a website. A page hosting such a JavaScript library would launch a hidden process that would exploit the resources of the user's device to extract Monero parts. Everything happens via the web browser.

The design is unique and intelligent. Good game! Coinhive developers claim that it's the best replacement for annoying ads. All he needs is access to the CPU of the device. Web sites raise funds while their visitors benefit from ad-free browsing.

Shortly after the release of the application, the Pirate Bay hosted it for a while. As visitor comments were not welcome, Pirate Bay is rid of the novelty.

However, this was the recognition that then attracted a few other sites, namely and, to try Coinhive. Rumors say that the attackers hacked these websites and abandoned Monero's mining JavaScript without any approval.

Another explanation suggests that approval was in place, but only for the test mode. This theory seems more likely. SetThrottle estimates that Coinhive operated only 3% of the time. In the case of a hack, this ratio would certainly be higher. The alleged intruder would realize the risk of being detected, so try to get as much as possible as soon as possible.

See also  China says it "secured" ICOs and cryptocurrency

The latest estimate reveals that the top 100 websites such as Pirate Bay can earn XMR 27.5 per month, or about $ 12,000 . Since Pirate Bay is among the 100 most visited sites, while the Showtime is only at the end of the top 10 000, the latter would earn much less than the previous one.

Good intentions open the way to hell. The design of Coinhive is not a crime, but the miner follows the sad path of a number of other useful solutions exploited by crooks. In less than a week after developers introduced their Monero product, cyber criminals have incorporated it widely and deeply into their scams.

The first attack hit a popular add-on for Google's browser, SafeBrowse . A compromised extension had integrated Coinhive JavaScript so that every time the Chrome was running, unauthorized exploitation took place.

Moreover, miners also practice URL hijacking. For example, hackers have registered a typo-squatted Twitter Twitter site, (more active). If you enter Twitter this way, your browser should launch the Monero-mining page instead of the real Twitter. Needless to say, you will not keep the page open, but even a short visit contributes to the activity of minors. Finally, a number of deceptive websites can generate decent income for their holder.

Other observations revealed numerous web pages with their pirated scripts and Java Coinhive operating without their webmaster permission. This is how a number of Magento and WordPress websites have integrated the JavaScript Monero-mining into their source code.

Greater publicity would not stay out of the way, that is for sure. At least one notorious cyber gang was found to exploit Coinhive for unauthorized mining. Toxic ads directed web traffic to pages claiming to provide technical support. Aside from fake security warnings, crooks have incorporated mining JavaScript into these pages without, of course, any notification.

See also  Singapore's central bank includes Bitcoin in the peculiar regulation of payment services

Experts predict that the integration of Monero into the adware is only a matter of time. Most likely, crooks have to integrate it into browser hijackers. There is virtually no obstacle that would prevent adware developers from modifying the original payload of their infections to include background exploration with the Coinhive script.

The Coinhive version is available for anyone who wants to wet. Its developers claim that they assume no responsibility as to how the application should be used. Hackers do not care either to abuse the minor in any way possible.

The public has already called Coinhive mining a crypto-jacking because of its embezzlement of browsers for unauthorized mining purposes.

Computer security is preparing to deal with large-scale encryption campaigns. Major anti-adware editors blacklisted the Coinhive almost immediately after its release.

Other web developers have come up with a pair of dedicated solutions. AntiMiner and minerBlock examine the Chrome process and detect and kill any mining activity.

Great News as WannaCry and Other Ransomware CCleaner and Equifax hacks have already scored this year for computer security, but mining for Monero and other coins is very likely to overtake the current hacking. Adware is readily available to support the mining scam.

Malware research laboratories report having observed more than 1.5 million devices affected by mining applications. The report covers only the first half of this year and only 100% of confirmed cases. Cryptocurrency miners are also landing more and more on corporate networks.

Coinhive developers are proud to admit that their tool is much more popular than they could ever dream of, but their dreams come true in a clumsy, if not ugly way. Hackers misuse the solution and combine it with malware.

See also  Sphero Raises $ 12 Million Focusing on Education