sb-nz logo
Story image

The Coinhive cryptocurrency miner - more trouble than it's worth?

16 Oct 2017

Cryptocurrency miners that hide amongst websites have been the subject of discussion for many in the security world lately, but are they causing more damage than they are worth?

Legitimate website owners embedded Coinhive JavaScript code in their website, which used visitors’ CPUs to mine the Monero cryptocurrency and delivered the payment direct to the site owner’s wallet.

However, it wasn’t long until cybercriminals from The Pirate Bay hijacked the trend, according to Anat Davidi and Simon Kenin from Trustwave’s SpiderLabs blog.

“Unfortunately a typo in their code caused the miner to use up all available CPU cores, causing CPU usage for many users visiting the site to go up to 99%. Whether or not you believe it was a typo, this is will be an interesting data point for later on,” Davidi and Kenin say.

This spurred a debate about whether cryptocurrency miners are worthwhile. Trustwave has now blocked the Coinhive miner because the company believes the end users are victims that receive no benefits.

Because Coinhive uses visitors’ CPUs to mine cryptocurrencies, and because site owners can modify site settings, in some cases the mining process can use 100% of all CPU power through a visitor’s browser.

While cryptocurrency mining can add to site owners’ revenue as an alternative to traditional ads, Trustwave says it is not a ‘better’ alternative.

“30% of the mined currency goes to Coinhive themselves, the other 70% go to the site owner. The power company gets what the user pays for the mining process and the user themselves? Well, hopefully they get an internet browsing experience with no ads.?” The researchers ask.

The company conducted an experiment that measured additional side effects to higher CPU usage, including heat and noise generation; and higher power bills.

The study gained a baseline measurement of one machine’s power usage and then compared that to the usage when the same machine was running Coinhive.

The machine generated 1.212kWh over 24 hours, which when put into context of regional power prices, can add as much as $14 per month to a power bill, assuming the miner runs all the time.

In Singapore, the tariff is 15 cents per kWh which adds US$5.45 per month to the bill.

In Germany the prices is 34 cents, or roughly US$12.30 a month.

In Australia, the price is between 34 and 47 cents depending on where you live, so about $9.80 to US$13.80 added to your monthly electricity bill.

“Additional factors such as overall consumption and times of day sometimes also affect these prices depending on where you live,” Davidi states.

He says that although it may seem extreme to imagine that a miner would run 24/7 on a machine, many corporate users may not turn off their computer at the end of a day.

The researchers continue to look at how cybercriminals leverage Coinhive. They are able to exploit servers (and visitors) to mine cryptocurrency directly into their wallet.

Because it is unclear who is behind the actual Coinhive code, it remains a dangerous platform.

“Somewhere between malicious use, irresponsible use, and Coinhive's implementation, it seems that end-users always come out on the losing end of this deal and especially on a corporate level, (the core of Trustwave SWG's users) we felt it was in the best interest of our customers to block this behaviour,” Davidi and Kenin conclude.

Story image
Thales: A/NZ cybersecurity approach more talk than action
“While some organisations are talking a good story … predicted spending shows that most have the wrong focus.”More
Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More
Story image
Five security challenges for the Enterprise of Things
Many enterprise networks aren't adequately managed, creating risk for businesses that don’t have full visibility into all of the devices on their network, writes Forescout regional director for A/NZ Rohan Langdon.More
Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More