Over A Billion Video Streamers Unwittingly Mine Cryptocurrency Via Crypto-Jacking
Sometimes it feels like this whole cryptocurrency mining business is getting out of hand. The underlying technology—blockchain—is interesting and potentially very useful, but there are some side effects that are casting a dark shadow over cryptocurrency, such as driving up the price (and limiting availability) of graphics cards for gamers. More recently, however, crypto-jacking has become a thing, where users unwittingly contribute CPU cycles to someone else's mining efforts by way of browser code.
Crypto-jacking is a relatively new term used to describe the secret use of a computing device to mine cryptocurrency. It's not the same as a botnet, which is basically a network of hacked computers (or any Internet connected device), typically through malware. In its current form, crypto-jacking typically consists of injecting JavaScript code into a website, sometimes without the web owner's knowledge. When a user visits one of those sites, the code covertly taps into the user's CPU resources to mine cryptocurrencies, such as Monero.
CoinHive is one of the most popular implementations. It's been found on several websites, including torrenting website ThePirateBay (TPB). More recently, developers have focused on ways of avoiding ad blockers to ensure their code works on machines that would otherwise block the mining script.
Some sites are upfront about browser mining, pitching it as an alternative to serving up ads. But many of them are not so forthcoming. It's not a small problem, either. Adguard found that nearly 1 billion visitors for four streaming video sites had unknowingly mined cryptocurrency in the background. Those sites include Openload, Streamango, Rapidvideo, and OnlineVideoConverter.
"We came across several VERY popular websites that secretly use the resources of users' devices for cryptocurrency mining and were avoiding ad blockers so far. According to SimilarWeb, these four sites register 992 million visits monthly. And the total monthly earnings from crypto-jacking, taking into account the current Monero rate, can reach $326,000. These are simply outrageous figures," Adguard co-founder Andrey Meshkov said in a blog post.
According to Meshkov, all four sites have been doing this on the sly, and three of the four sites provide the function of media players embedded onto third-party sites. The owners of those sites are most likely unaware the mining code that is hidden within those players.
It doesn't have to be this way. As mentioned, some users would happily give up a few CPU cycles to forgo ads while still supporting a website. But there needs to be transparency. If you're concerned about this, the best thing you can do is to keep an eye on your CPU utilization when browsing the web.
