Cookie Consent Pop-Ups Contained Monero Miner

A free script used by website owners to display cookie consent pop-ups was found to be loading a cryptocurrency mining tool onto those sites. The hidden miner was discovered by researcher Willem de Groot on the website of Albert Heijn, the largest supermarket chain in the Netherlands.

After analyzing the site’s JavaScript files, de Groot identified a file named cookiescript.min.js being loaded from cookiescript.info. This domain is registered to the Cookie Consent service, which helps webmasters create pop-ups required by European Union regulations to inform users about cookie usage.

The service generates a code block that webmasters embed into their sites. It turned out that one of the JavaScript files loaded from this service contained the Crypto-Loot miner, which allows Monero cryptocurrency to be mined directly in the browser.

It appears that the administrators of Cookie Consent became aware of the miner’s presence, as the pop-up builder no longer includes it. However, the service still uses an older version of the script that contains Crypto-Loot.

According to American researcher Troy Mursch, Crypto-Loot is the third most popular online crypto miner after Coinhive and JSEcoin. De Groot found it on at least 243 websites.