Research Reveals Crypto-Jacking Mining Software Produces 250k Monero Monthly

The Coinhive malware miner uses link forwarding services that prompt computers to solve hashes before resolving.

By Jeremy Nation. Published in METACERT, Aug 16, 2018.

A study performed by analysts at the technical research school Rheinisch-Westfälische Technische Hochschule Aachen, aka Aachen University, focused on crypto-mining software that makes use of unaware users’ systems.

While many scams involve networks of bots or phishing sites enabled by malware, or are the brainchild of a single malicious actor, crypto-mining, or crypto-jacking, schemes take advantage of an unsuspecting user’s computing power. Crypto-mining rose to prevalence after 2017 following the burst of consumer and private entity interest in cryptocurrencies. One of the more prevalent of these malicious programs that mine Monero coins is called Coinhive.

If you’ve ever had a browsing experience involving Coinhive, you might have noticed that your machine slows down on certain pages. That makes sense, because during such a mining attack a surge of system resources is dedicated to the browser. Outside of wear and tear on your system, there isn’t any lasting damage from a crypto-mining attack; once the browser window is closed the site stops using your computer to mine.

Coinhive operates on a short link forwarding service, bearing similarities to those traditionally seen in advertising short-link services which redirect users to their desired content following a delay during which adverts are shown. The difference here is that before a link can be resolved the computer must solve a series of hashes. Whoever creates the short link reaps a share of the block rewards resulting from mining done by users who use the link to access web resources. According to researchers:

“We observed that new links are assigned increasing IDs which enables to enumerating the link address space. As of February 2018, up to 4 characters are used, resulting in a total of 1,709,203 active short links.”

Other key facts uncovered by the researchers are as follows: websites today are already infected with malware miners, and simple blocklists fall short of detecting them. As might be expected, Coinhive is the most widely used crypto-mining software, and its forwarding service is mainly utilized by only 10 users, links from whom mainly redirect to file sharing and video sites.

What is surprising is the sheer volume of mining power which Coinhive contributes to the Monero network alongside the estimated value of the Monero mined by the software:

“Given the current exchange-rate, Coinhive mines Moneros worth around a quarter million USD per month of which they say, they give 70% to their users…

Coinhive currently contributes ∼1.18% of the mining power of the Monero network.”

That’s almost $250,000 a month in a relatively difficult-to-trace cryptocurrency.

Soon, MetaCert will integrate anti-crypto mining measures into Cryptonite, to warn you when a site is attempting to hijack your computing resources. In the meantime, you might want to check out MinerBlock, a tool designed to block cryptocurrency miners. If you don’t have this software and you believe a site you’ve visited is using your computer to mine crypto, check to see if the browser is using up all your system resources. If it is, you may wish to avoid visiting that site altogether.
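The resource check described above can be automated. The following Python sketch is an added example, not code from MetaCert, MinerBlock or the researchers: it flags browser processes whose CPU use stays high across consecutive samples, which separates a brief page-load spike from the sustained load of in-browser mining. The process names, the 80% threshold, the five-sample window and the sample data are all assumptions made for illustration.

```python
# Added example: flag browser processes with sustained high CPU use.
# Samples would come from whatever process monitor you already run (assumed);
# here they are constructed inline so the script runs offline.

BROWSER_NAMES = {"chrome", "chromium", "firefox", "msedge", "safari"}  # assumed names


def sustained_high_cpu(samples, threshold=80.0, min_run=5):
    """samples: time-ordered (timestamp_s, pid, name, cpu_percent) tuples.

    Returns {pid: (name, seconds)} for browser processes that stayed at or
    above `threshold` for at least `min_run` consecutive samples, where
    `seconds` is the length of the longest such run.
    """
    run = {}      # pid -> (timestamp of first sample in current run, run length)
    flagged = {}  # pid -> (name, duration of longest qualifying run)
    for ts, pid, name, cpu in samples:
        if name.lower() not in BROWSER_NAMES:
            continue  # only the browser is of interest for this check
        if cpu < threshold:
            run.pop(pid, None)  # load dropped, so the run is broken
            continue
        start, count = run.get(pid, (ts, 0))
        count += 1
        run[pid] = (start, count)
        if count >= min_run:
            duration = ts - start
            if pid not in flagged or duration > flagged[pid][1]:
                flagged[pid] = (name, duration)
    return flagged


def constructed_samples():
    """One sample per second for ten seconds (constructed data)."""
    rows = []
    for t in range(10):
        rows.append((t, 101, "chrome", 95.0 if t < 2 else 3.0))   # page-load spike
        rows.append((t, 202, "chrome", 97.0 if t >= 2 else 5.0))  # sustained load
        rows.append((t, 303, "backup", 99.0))                     # not a browser
    return rows


if __name__ == "__main__":
    for pid, (name, secs) in sustained_high_cpu(constructed_samples()).items():
        print(f"pid {pid} ({name}): at or above 80% CPU for {secs}s straight")
```

A flagged process is a prompt to look at which tab is open, not proof of mining; video calls and games in the browser can produce the same pattern.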

The MetaCert Protocol is a trust and reputation threat intelligence system for verifying web resources. It addresses a number of attack vectors, encompassing solutions for anti-phishing, child safety, brand protection, crypto-address verification, and news credibility. Find out more about the MetaCert Protocol, ask questions, and leave suggestions on both our White Paper and Technical Paper. You can also join our Telegram community to stay up to date on our blockchain project. Remember to install Cryptonite to protect yourself from phishing scams before it’s too late.
