Story image

The Coinhive cryptocurrency miner - more trouble than it's worth?

16 Oct 2017

Cryptocurrency miners that hide amongst websites have been the subject of discussion for many in the security world lately, but are they causing more damage than they are worth?

Legitimate website owners embedded Coinhive JavaScript code in their website, which used visitors’ CPUs to mine the Monero cryptocurrency and delivered the payment direct to the site owner’s wallet.

However, it wasn’t long until cybercriminals from The Pirate Bay hijacked the trend, according to Anat Davidi and Simon Kenin from Trustwave’s SpiderLabs blog.

“Unfortunately a typo in their code caused the miner to use up all available CPU cores, causing CPU usage for many users visiting the site to go up to 99%. Whether or not you believe it was a typo, this is will be an interesting data point for later on,” Davidi and Kenin say.

This spurred a debate about whether cryptocurrency miners are worthwhile. Trustwave has now blocked the Coinhive miner because the company believes the end users are victims that receive no benefits.

Because Coinhive uses visitors’ CPUs to mine cryptocurrencies, and because site owners can modify site settings, in some cases the mining process can use 100% of all CPU power through a visitor’s browser.

While cryptocurrency mining can add to site owners’ revenue as an alternative to traditional ads, Trustwave says it is not a ‘better’ alternative.

“30% of the mined currency goes to Coinhive themselves, the other 70% go to the site owner. The power company gets what the user pays for the mining process and the user themselves? Well, hopefully they get an internet browsing experience with no ads.?” The researchers ask.

The company conducted an experiment that measured additional side effects to higher CPU usage, including heat and noise generation; and higher power bills.

The study gained a baseline measurement of one machine’s power usage and then compared that to the usage when the same machine was running Coinhive.

The machine generated 1.212kWh over 24 hours, which when put into context of regional power prices, can add as much as $14 per month to a power bill, assuming the miner runs all the time.

In Singapore, the tariff is 15 cents per kWh which adds US$5.45 per month to the bill.

In Germany the prices is 34 cents, or roughly US$12.30 a month.

In Australia, the price is between 34 and 47 cents depending on where you live, so about $9.80 to US$13.80 added to your monthly electricity bill.

“Additional factors such as overall consumption and times of day sometimes also affect these prices depending on where you live,” Davidi states.

He says that although it may seem extreme to imagine that a miner would run 24/7 on a machine, many corporate users may not turn off their computer at the end of a day.

The researchers continue to look at how cybercriminals leverage Coinhive. They are able to exploit servers (and visitors) to mine cryptocurrency directly into their wallet.

Because it is unclear who is behind the actual Coinhive code, it remains a dangerous platform.

“Somewhere between malicious use, irresponsible use, and Coinhive's implementation, it seems that end-users always come out on the losing end of this deal and especially on a corporate level, (the core of Trustwave SWG's users) we felt it was in the best interest of our customers to block this behaviour,” Davidi and Kenin conclude.

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.