500 million PCs are being used for stealth cryptocurrency mining online

A new report suggests hundreds of websites have taken The Pirate Bay’s lead and are now using visitor PCs to mine cryptocurrency without the consent of users.
A month or so ago, torrent search website The Pirate Bay raised concern among the community as visitors noticed their CPU usage surged whenever a page was opened.
At first, some worried that malvertising or embedded malware was at play; however, when the domain’s operators realized the game was up, they admitted the power surge was due to a “small experiment” in cryptocurrency mining.
Cryptocurrency, such as Bitcoin or Monero can be “mined” and acquired through computational power. If enough PC owners donate power, then mining can be a way to rake in revenue.
More security news
没有100%的安全,安全事故不可100%避免,事故之后的及时和正确的响应关乎组织的信誉。
Republican polling firm’s database was hacked, exposing donor records
This Netflix-flavoured phishing attack targets your business emails
SEC spoofed, malware hosted on US gov’t server in new DNS attack
Judge smashes boundless warrant for identities of anti-Trump website users
In The Pirate Bay’s case, the website’s operators were experimenting with a mining script from CoinHive which hunted for Monero. The trial was explained as a potential way for the website to run for free, without needing to rely on adverts.
It seems this idea has now taken root in other websites, too.
According to a new report from Adguard, in a matter of weeks, 2.2 percent of the top 100,000 websites on the Alexa list are now mining through user PCs.
In total, 220 sites that launch mining when a user opens their main page, with an aggregated audience of 500 million people.
CoinHive and JSEcoin are currently the most popular scripts being employed to hunt down cryptocurrency, and Adguard estimates that these domains have earned roughly $43,000 in a three-week period at little or no cost.
It has been estimated that The Pirate Bay may be able to make roughly $12,000 per month from mining cryptocurrency, due to the domain’s heavy flow of traffic. The majority of websites currently using miners, however, come from a blurry area. Torrent search websites, domains hosting pirated content, and pornographic websites are the most likely to use cryptocurrency miners.
“There may be a further explanation for the fact that browser mining is found mostly on websites with a shady reputation,” the firm says. “These sites traditionally have trouble making money through advertising, so they are open to experiments and innovation.”
Websites with video-based content that keep users in place for some time are most likely to generate income from this method.
In itself, mining scripts have no ethical stance. It is a technology used to find cryptocurrency, nothing more and nothing less. However, the method in which it is employed is the issue.

By hijacking a visitor’s CPU, power is used. While many users may be happy to lend their power rather than be inundated with adverts, consent is key.
CoinHive has responded to the recent media attention and has asked users to make their website visitors aware of mining scripts.
“We’re a bit saddened to see that some of our customers integrate CoinHive into their pages without disclosing to their users what’s going on, let alone asking for their permission,” the company says. “We believe there’s so much more potential for our solution, but we have to be respectful to our end users.”
Cryptocurrency mining has potential, and if handled properly, there is little reason why website visitors would not agree to such schemes in comparison to ad-laden pages.
However, if domain operators do not respect their end users and do not seek permission, they are risking a hit to their reputation which they may not recover from.
Until this issue is resolved, take note — adblockers will generally block these scripts. It is up to domain operators and cryptocurrency mining script developers to work together to make this a viable alternative, and in the meantime, you can ensure your CPU is safe.
“Providing a real alternative to ads and users who block them turned out to be a much harder problem,” the company added. “CoinHive, too, is now blocked by many ad-block browser extensions, which — we have to admit — is reasonable at this point.”
加强个人信息保护 阿里、百度等共签倡议书
Some hosting providers are taking on the issue, too. Earlier this month, it emerged that CloudFlare has taken steps to suspect accounts which stealth mine without permission.
How blockchain technology can transform our…
SEE FULL GALLERY
1 – 5 of 6
NEXT
PREV
Previous and related coverageHow much does The Pirate Bay’s cryptocurrency miner make? Pirate Bay uses your PC to mine cryptocurrency in quest to become ad-free Does piracy pay? Not for the Pirate Bay
谈到信息安全的事情,一些管理者首先会想到自己企业的信息是否被盗,如何防止内部员工拷贝一些关键的信息,往往会不在意业务处理过程中的信息安全性,他们忽略了信息的录入、修改和删除的过程。

猜您喜欢

加强工业控制系统安全管理同时勿忘员工安全意识培训
移动安全问题不可忽视
网络安全法宣传视频系列001《网络安全法》背景知识
“我们的自信”道路篇:人间正道
KERALAPROMOTER PCF
公司员工信息安全意识教育动画视频