The Coinhive cryptocurrency miner - more trouble than it's worth?

16 Oct 2017

Cryptocurrency miners that hide amongst websites have been the subject of discussion for many in the security world lately, but are they causing more damage than they are worth?

Legitimate website owners embedded Coinhive JavaScript code in their website, which used visitors’ CPUs to mine the Monero cryptocurrency and delivered the payment direct to the site owner’s wallet.

However, it wasn’t long until cybercriminals from The Pirate Bay hijacked the trend, according to Anat Davidi and Simon Kenin from Trustwave’s SpiderLabs blog.

“Unfortunately a typo in their code caused the miner to use up all available CPU cores, causing CPU usage for many users visiting the site to go up to 99%. Whether or not you believe it was a typo, this will be an interesting data point for later on,” Davidi and Kenin say.

This spurred a debate about whether cryptocurrency miners are worthwhile. Trustwave has now blocked the Coinhive miner because the company believes the end users are victims that receive no benefits.

Because Coinhive uses visitors’ CPUs to mine cryptocurrencies, and because site owners can modify site settings, in some cases the mining process can use 100% of all CPU power through a visitor’s browser.

While cryptocurrency mining can add to site owners’ revenue as an alternative to traditional ads, Trustwave says it is not a ‘better’ alternative.

“30% of the mined currency goes to Coinhive themselves, the other 70% go to the site owner. The power company gets what the user pays for the mining process and the user themselves? Well, hopefully they get an internet browsing experience with no ads?” the researchers ask.

The company conducted an experiment that measured additional side effects of higher CPU usage, including heat and noise generation, and higher power bills.

The study gained a baseline measurement of one machine’s power usage and then compared that to the usage when the same machine was running Coinhive.

The machine consumed 1.212kWh over 24 hours, which, put into the context of regional power prices, can add as much as $14 per month to a power bill, assuming the miner runs all the time.

In Singapore, the tariff is 15 cents per kWh which adds US$5.45 per month to the bill.

In Germany the price is 34 cents, or roughly US$12.30 a month.

In Australia, the price is between 34 and 47 cents depending on where you live, so about US$9.80 to US$13.80 added to your monthly electricity bill.

“Additional factors such as overall consumption and times of day sometimes also affect these prices depending on where you live,” Davidi states.

He says that although it may seem extreme to imagine that a miner would run 24/7 on a machine, many corporate users may not turn off their computer at the end of a day.

The researchers continue to look at how cybercriminals leverage Coinhive: attackers are able to exploit servers (and visitors) to mine cryptocurrency directly into their own wallet.

Because it is unclear who is behind the actual Coinhive code, it remains a dangerous platform.

“Somewhere between malicious use, irresponsible use, and Coinhive's implementation, it seems that end-users always come out on the losing end of this deal and especially on a corporate level, (the core of Trustwave SWG's users) we felt it was in the best interest of our customers to block this behaviour,” Davidi and Kenin conclude.
