This new website monetization tactic has attracted much attention. Torrent sites like "The Pirate Bay," as well as certain porn sites, have quickly adopted it. Also, similar service providers such as Crypto-loot, CoinBlind, CoinNebula, MineMyTraffic, Jsecoin, Coin-Have, PPoi and Adsencebase have emerged.
Fig 1: Daily unique webpage hit count in Oct-17.
Fig 2: Geo-location of hosts/websites those adopted in-browser mining.
Fig 3: Geo-location of clients who accessed mining websites.
The more time a user spends on the site the more revenue will be generated. Websites providing video streaming and file-sharing services tend to benefit more from in-browser mining. As a result, we are seeing more hits on these types of websites. In addition to voluntarily deploying mining, we have also noticed that mining has been deployed on compromised sites too – giving the bad guys one more vector that can be abused for financial gain.
Fig 4: Top-100 sites based on number of hits.
As traditional website monetization has introduced risks of personal data theft through adware and malvertisements, browser mining has similarly opened the door for new types of threats.
From a security perspective, crypto-currency mining inside browsers is not malicious by itself. However, we observed that this practice is being carried out silently without end user’s consent and knowledge, which makes it undesirable. Cyber criminals are injecting mining script in compromised websites which secretly consume CPU cycles of a user's laptop or mobile device to mine cryptocurrency when the user visit the website. This is a resource-hijack attack where there is no immediate way to tell that a webpage is consuming CPUs. However, one site performing mining is likely to bring poor experience on the websites open in other tabs. Moreover, multiple webpages will drain the CPU if it performs mining parallelly in different tabs. When these kind of miners are in action, a user will find the computer or the mobile device running slower and the CPU temperature will rise causing mobiles to overheat, which may damage or reduce the life of the device. Additionally, this could result in increased electricity bill for users.
Fig 5: CPU Usage in normal conditions.
Fig 6: CPU Usage when mining started.
Fig 7: Source code of webpage embedded mining script.