One of the most unpleasant types of hidden mining is browser-based mining, where the devices of ordinary website visitors are used to mine cryptocurrency, usually without the users’ knowledge. The widespread use of cryptojacking began back in the fall of 2017. At that time, the issue drew the most attention when the torrent tracker The Pirate Bay first conducted tests and temporarily embedded a cryptocurrency miner into some of its pages, and later brought this practice back on a permanent basis. The tracker’s operators explained that mining could become a new means of monetization and help the site eventually get rid of traditional advertising altogether.
Unfortunately, the main problem now is that website owners do not always voluntarily embed mining scripts into their sites. More and more sites are being hacked specifically to integrate miners into their code. Moreover, even if the miner wasn’t installed forcibly, site owners rarely bother to warn visitors about what’s happening, meaning users are not given a choice or the ability to disable the miners.
Hidden miners have already been found on YouTube, in thousands of online stores, and in Android apps. Cryptocurrency mining scripts are hidden in malicious ads, evade blockers using Google Tag Manager, and use widgets from the popular LiveHelpNow service, which are integrated into the code of many sites. Popular CMS platforms have also been hit by a wave of attacks aimed specifically at installing mining scripts.
Research Findings on Cryptojacking
On February 7, 2018, researchers from 360 Netlab published some interesting statistics. Analysts calculated which types of sites are most likely to contain hidden miners. The experts used the DNSMon tool, which helps track connections between domain names. According to their findings, 241 out of the 100,000 most popular websites on the internet (according to Alexa) were engaged in cryptojacking at that time. The researchers published part of this list on their official Twitter account.
Of the sites that mine cryptocurrency through their visitors’ browsers, 49% turned out to be adult content resources. Most of these aren’t even real porn sites; they are mainly sites with addresses like streamxxx[.]tv, targeting users who rarely watch adult content, don’t know where to find it, and therefore turn to search engines with simple queries like “porn.”
Where Else Are Hidden Miners Found?
Below is a keyword map for all cryptojacking domains, which gives a good idea of where else you might “encounter” hidden miners.
Most Popular Mining Services for Cryptojacking
The researchers also looked into which mining services are most popular for cryptojacking. As of February 6, 2018, the statistics were as follows (with CoinHive still maintaining the lead):
- CoinHive (leader in browser-based mining scripts)
- Other mining services (less common but still present)