Coinhive Miner Proliferating
5 min read

Coinhive Miner Proliferating Exponentially

By Editorial Team

Launched on the 14 of September, Coinhive is a relatively new website JavaScript plugin that garnered some interest from the cryptocurrency community. However, over the past month, it has grown at a near exponential rate and is mining vasts amounts of Monero for those who are using it legitimately or otherwise.

It has been discovered on sites such as the Piratebay, CBS ShowTime and a number of other streaming websites. Some of these are been done by the actual webmasters themselves while others are exploiting vulnerabilities in well-known websites in order to make money with them in an elicit fashion.

This is not the first time that miners have used malware to mine crytpocurrency from unsuspecting users. It was recently discovered by Kaspersky security labs that hackers had spread windows exploits that mined Monero on a user’s PC in the background.

What is Coinhive?

Coinhive Monero Miner WebsiteFor those who have not heard about it, Coinhive is a JavaScript library that someone can insert into their websites code. It is then programmed to self-execute in the browser of the user and will utilise their CPU to crunch some numbers on the Monero blockchain.

Although many may look at it as a potentially malicious script, it does have legitimate users and was developed explicitly for that purpose. Instead of these sites having to rely on advertising revenue that could hamper user experience, Coinhive allows the users to contribute to the site through processing power.

For example, the Pirate bay which is a large torrent site, made use of the miner in a test session. This was unfortunately short lived as many users complained about their browsers being used for the benefit of the webmaster. This seemed to have got the ball rolling though.

Next came the news the CBS Showtime brand’s website had the curious miner embedded in its code. This was quite suspicious as many people believed CBS would not have implemented this as it would hamper user experience. However, the SetThrottle in the code on ShowTime was set at 0.97 which implies that it only mines 3% of the time. This is not the usual MO of a cyber-criminal.

Using Coinhive on a site can indeed be quite a profitable venture. For example, a recent analysis has concluded that a site with the traffic such as Pirate Bay is likely to make about 12k a month from the mining.

Yet, any innovation no matter the intent could eventually be used for the benefit of cyber criminals and this is exactly what happened in this case as the code spread to all corners of the hacking community.

Exponential Growth

Coinhive Threat Warning AVGAs hackers have realised the potential of the miner, so has it cropped up in a number of other locations. For example, it has been located in the source code of a chrome plugin. This would allow the hackers to mine from the users every time they are using their chrome browser.

Hackers have also used chameleon domains in order to trick the users. For example, they would register a domain such as facebooc.com or the like which looks like the original site. Once users enter this domain they are taking to the fake site which runs the script. Of course, this is only for a short period of time as the user will eventually bounce.

However, if the hacker was to create a number of different chameleon domains like this then they are likely to be able to mine a large amount of Monero across a range of different sites.

Of course, why should a hacker create their own domain when they can merely hack existing websites with a great deal of traffic. This has happened as reports by Sucuri.net have discovered sites with the popular WordPress and Magento CMSs that have been hacked and the code inserted.

These scripts could also be used for a number of adware campaigns as the hackers have realised that users are becoming increasingly immune to these ads. Hence, they could make much more if they just load the ads with the JavaScript plugin and let it tick away in the background.

How to Avoid it

You would be pleased to know that a few ad blocking plugins are now beginning to realise the threat posed by JavaScript miners and have started to actively block the script from executing. For example, AdBlock plus is able to recognise the script in the background.

There are also a number of browser plugins that have been developed solely for the purpose of blocking the miners. These include such plugins as MinerBlock and Antiminer.

The Subtle Threat

Although the cybercrime that makes the headlines are the ones that tend to scare, they are sometimes less effective as those that attempt to go under the radar. This is exactly what malware mining scripts are designed to do.

Moreover, because they go unnoticed for a relatively long period of time, people do not report them and hence remove them. This means more profit for the miner. Even though coinhive was developed as an alternative method for site fundraising, it has been exploited.

As a user, if you are able to install the right preventative measures on your browser then you are likely to counter the threat (at least for now).

Featured Image via Fotolia

Editors at large. Posting the latest news, reviews and analysis to hit the blockchain.
View all posts by Editorial Team -> Best Crypto Deals ->

Latest Posts

Trader Joe Review
Trader Joe Review 2022: Complete Guide to the Top DEX on Avalanche
Trader Joe Review

Trader Joe Review 2022: Complete Guide to the Top DEX on Avalanche

July 2, 2022 30 min read
Huobi Global Review
Huobi Global Review 2022: Good Exchange with DEEP Liquidity
Huobi Global Review

Huobi Global Review 2022: Good Exchange with DEEP Liquidity

June 29, 2022 37 min read
FTX vs FTX US Review
FTX vs FTX US: Which one is BEST for You?
FTX vs FTX US Review

FTX vs FTX US: Which one is BEST for You?

June 27, 2022 14 min read
Bancor Review
Bancor Review: Impermanent Loss Protector?
Bancor Review

Bancor Review: Impermanent Loss Protector?

June 22, 2022 15 min read
Bridge Mutual Review
Bridge Mutual: Insurance for your Crypto
Bridge Mutual Review

Bridge Mutual: Insurance for your Crypto

June 22nd, 2022 22 min read
Serum Review
Serum Review: Solana’s One-Stop DeFi Toolbelt
Serum Review

Serum Review: Solana’s One-Stop DeFi Toolbelt

June 16, 2022 17 min read
Raydium Review: Solana’s DeFi Liquidity Mammoth

Raydium Review: Solana’s DeFi Liquidity Mammoth

June 11, 2022 17 min read

Related Posts

Trader Joe Review
Trader Joe Review 2022: Complete Guide to the Top DEX on Avalanche
Trader Joe Review

Trader Joe Review 2022: Complete Guide to the Top DEX on Avalanche

July 2, 2022 30 min read
Huobi Global Review
Huobi Global Review 2022: Good Exchange with DEEP Liquidity
Huobi Global Review

Huobi Global Review 2022: Good Exchange with DEEP Liquidity

June 29, 2022 37 min read
FTX vs FTX US Review
FTX vs FTX US: Which one is BEST for You?
FTX vs FTX US Review

FTX vs FTX US: Which one is BEST for You?

June 27, 2022 14 min read
Bancor Review
Bancor Review: Impermanent Loss Protector?
Bancor Review

Bancor Review: Impermanent Loss Protector?

June 22, 2022 15 min read
Bridge Mutual Review
Bridge Mutual: Insurance for your Crypto
Bridge Mutual Review

Bridge Mutual: Insurance for your Crypto

June 22nd, 2022 22 min read
Serum Review
Serum Review: Solana’s One-Stop DeFi Toolbelt
Serum Review

Serum Review: Solana’s One-Stop DeFi Toolbelt

June 16, 2022 17 min read
crypto com
Crypto.com Exchange Review 2022: A World-Class Crypto Exchange
crypto com

Crypto.com Exchange Review 2022: A World-Class Crypto Exchange

June 14th, 2022 30 min read