‘Cryptojacking’: Some Websites Are Using Your CPU to Mine Monero

The sites' nearly one billion visitors each month have unknowingly mined over $300,000 in Monero.

If you’ve recently used Streamango, Openload, OnlineVideoConverter, or RapidVideo, your computer or phone may have been hijacked to mine cryptocurrency without your knowledge.

The practice, which is called ‘cryptojacking’, allegedly affects nearly a billion visitors to these websites each month. In a Guardian report, Adguard co-founder Andrey Meshkov said: “The total monthly earnings from [this] cryptojacking, taking into account the current Monero rate, can reach $326,000.”

Time to buy the dip?

Each of the four sites load mining programs inconspicuously onto visitors’ browsers when the video they are watching is being loaded for streaming. The only difference that users may notice is that an unusually high percentage of their CPU is being used by the site, causing their computer to run slowly. Other than this, there is no concrete way to know if your computer has been cryptojacked.

In fact, Adguard says that the site’s operators may not even know what is happening. In a report from CSO, the cybersecurity firm said that they “doubt that all the owners of these sites are aware that the hidden mining has been built into these players.”

The BBC also reported yesterday that a Starbucks in Buenos Aires had its wifi hacked to load Monero mining software onto the devices of customers who connected to load it.  According to the BBC, the problem was only identified “when the chief executive of a New York-based technology company logged into the service and noticed the problem,” although he incorrectly thought that the cryptocurrency being mined was Bitcoin.

Monero’s Anonymity Makes the Coin Fit

Monero is particularly well-suited for the practice of cryptojacking for a few reasons. As one of the first cryptocurrencies to use CryptoNote technology, it was designed with anonymity in mind. CryptoNote makes Monero virtually untraceable, making the destination of these illicitly-mined Monero tokens very difficult (perhaps impossible) to discover.

Additionally, Monero’s mining algorithm does not require the same kinds of high-powered ASIC (application-specific integrated circuit) hardware operations that Bitcoin mining does. Pieter Arntz, malware researcher at Malwarebytes, said that Monero mining “can be done with any CPU or GPU.”

Meshkov: “The Popularity of Cryptojacking has Grown with Alarming Speed”

Cryptojacking emerged in September with the revelation that The Pirate Bay and the US-based video streaming website Showtime had embedded mining scripts into their web pages. Following the revelation, The Pirate Bay issued a statement saying that the inclusion of the mining script on their site was merely a “test” to see if cryptojacking could replace advertisements as a source of revenue. After receiving criticism, The Pirate Bay removed the script.

The practice is so new that browsers have not yet been equipped to properly guard against it. According to Adguard’s Meshkov: “The popularity of cryptojacking has grown with alarming speed.” He continued: “The only real solution [at the moment] is to use an ad blocker, an antivirus or one of the specialized extensions to combat cryptojacking.”

 

Got a news tip? Let Us Know