Coinhive allows websites to use your CPU for mining cryptocurrency

Coinhive allows you to mine cryptocurrency straight from a browser

If you haven’t heard about Coinhive yet, it can be described as a cryptocurrency miner for websites. The developers of the new technology present it as a successful way to monetize website’s content without cluttering it with ads.

Website owners can load Coinhive JavaScript library on their websites to activate a Monero miner on their websites. However, the miner works using visitors’ CPU power and generates revenue for the owner of the site.

While this might be a brand-new and never-heard-of technology that helps to remove ads from websites, it seems to bring a lot of user’s dissatisfaction since it slows down user’s computers while they are trying to navigate through a website that contains Coinhive miner. The miner has already been tested on websites like Showtime^[1] and The Pirate Bay.

Criminals are quick to abuse the new technology

Just like many useful tools and technologies, Coinhive quickly caught cybercriminals’ eyes and shortly after the launch of the new technology we noticed numerous discussions about it in the dark web forums. It turns out that scammers quickly understood how the technology could be used in revenue making using potentially unwanted or illegal software.

One of the first examples of Coinhive abuse was SafeBrowse virus,^[2] an extension designed for Chrome browsers. Once installed, it would mine Monero all the time the victim uses a web browser.

Besides, scammers quickly applied the technology to domains similar to ones used by highly popular social media networks, online shops or other Internet sites. For instance, fraudsters registered twitter.com.com domain only to embed the miner in it and start earning profits using CPU power of all visitors who accidentally mistype Twitter’s domain.

Finally, tech support scammers are also among fraudsters who abuse the new technology. TrendMicro researchers have revealed that hackers who infect websites with the malicious script displaying “HoeflerText wasn’t found” pop-ups are also rerouting users to phishing websites urging to call fake tech support.^[3]

These websites contain the Coinhive Javascript which mines Monero cryptocurrency while the victim stays on the phishing website.

Cryptocurrency miners on a rise in 2017

On September 12th, researchers from Kaspersky reported about 1.65 million attempts to compromise victim’s computers with cryptocurrency miners.^[4] The security firm says that all of these attempts were carried out in the first eight months of 2017.
In-browser miners became a problem only recently. Until now, fraudsters used to distribute malicious miners using a variety of ways, including software bundling. The victim would install the miner unknowingly, enrolling the computer into a cryptocurrency mining botnet and experience repetitive system slowdowns regularly.

If you experience extreme slowdowns while visiting certain websites, you should know that the site might be using your CPU’s power to mine cryptocurrency. If you are bothered by continuous system slowdowns daily, consider checking your computer with anti-malware software to identify the cause of the problem.^[5]