Drive-by crypto-mining is digging into the web, victimizing unsuspecting visitors to some websites by utilizing 100% of their CPU to mine for cryptocurrency with no knowledge or consent given.
According to analysis from Malwarebytes, a company called Coinhive launched a service back in September that could mine for the digital currency known as Monero from directly within a web browser, using JavaScript-based code. The mining API is cross-platform compatible and works on all modern browsers.
In and of itself, the technology offers a potential new revenue stream for website owners, perhaps replacing annoying banners and pop-ups with small slowdowns in computer performance stemming from the mining activity. It could be, in theory, a win-win.
There’s just one problem: the technology was almost instantly abused.
“The simplicity of the Coinhive API integration was one of the reasons for its immediate success…[but] many web portals started to run the Coinhive API in non-throttled mode, resulting in cases of cryptojacking,” explained Malwarebytes analyst Jerome Segura. “While the harm may seem minimal, this is not the kind of web experience most people would sign up for. To make matters worse, one does not always know if they are mining for the website owner or for criminal gangs that have found a new monetization tool for the hacked sites they control.”
The scale of drive-by mining activity is not minor, either. Malwarebytes has been blocking the original Coinhive API and related proxies an average of 8 million times per day, Segura said, which adds up to approximately 248 million blocks in a single month.
“With their new mandatory opt-in API, Coinhive hopes to restore some legitimacy to the technology and, more importantly, push it as a legal means for site owners to earn revenues without having to worry about ad blockers or blacklists,” Segura said. “This could also benefit users who might not mind trading some CPU resources for an ad-free online experience. In the meantime, drive-by mining continues unabated.”