For the last couple of weeks, the trend of inserting code in websites that generate cryptocurrency has been growing like never before. What might worry some is that it uses visitor’s computers to start and finish the process.
Recently, Trend Micro, a cybersecurity firm discovered that hackers are compromising charity, school, and file sharing websites with a particular code that allows the site to use visitor’s CPU in order to generate cryptocurrency
By doing so, the code converts the visitor’s computer into a miner. This means the greater the number of computers the quicker will be the process of generating digital currency and in return, the greater the amount of money. In the end, the victim will suffer from expensive electricity bill.
According to Rik Ferguson, vice-president of security research at Trend Micro “This is absolutely a numbers game. There’s a huge attraction of being able to use other people’s devices in a massively distributed fashion because you then effectively take advantage of a huge amount of computing resources.”
The security firm discovered that hundreds of famous websites are using the code. Some are using “Coin Hive” code, some are using JSE Coin script while some have no idea how the code got onto their websites.
To get rid of it, some site owners have simply removed the code while some have updated their security policies and issued patches. There are those who are still investigating the issue emphasizing on how their site was compromised and how the code ended up on it without triggering any warning.
BBC reported that developers of Coin Hive are also taking action against those misusing their code for malicious purposes. “We had a few early users that implemented the script on sites they previously hacked, without the site owner’s knowledge. We have banned several of these accounts and will continue to do so when we learn about such cases,” Coin Hive told BBC.
In a tweet, FiveM, a modification framework for GTA V said that they had issued a security update just to stop users from adding miners to their code.
CloudFlare, a content delivery network and Internet security service also booted off a torrent website for secretly mining cryptocurrency miner. The company said “mining code without notifying users. … We consider this to be malware.”
Last month, The Pirate Bay website was caught “testing” cryptocurrency miner while two domains owned by CBS Corporation’s premium cable network Showtime’s sites were also found to be mining cryptocoins without informing their visitors.
In another report, Trend Mirco said that hackers are also using smart home devices to generate cryptocurrency. “Trend Micro data shows that more and more home devices are being compromised—we blocked over 90% more home network attacks in September compared to July, and most of the attacks are attempting to mine cryptocurrency,” said Trend Micro.
Although it is a rare practice; if adopted on a long-term basis, it might replace ads for good as advertisements can be malicious and annoying at times. However, the fact that it hijacks computers for crypto mining deeply concerns users, therefore, website owners should allow users to choose whether they want the site to use their CPU for mining or not.