Illicit Cryptocurrency Mining Affects Thousands of Most-Visited Websites
The rise of cryptocurrencies as an asset class has fueled the growth of related businesses such as wallet services, cryptocurrency exchanges, and the mining sector. However, the space attracts beneficiaries and bad actors alike, as revealed by research from a U.S.-based company.
U.S. “.com” Domains Most Affected
On June 28, 2018, RiskIQ released an infographic which detailed and mapped the global cryptocurrency mining sector. The company is among the foremost research authorities in digital threat management and claims to have been tracking the mining industry for 23 weeks.
RiskIQ’s native web crawler technology downloaded and analyzed data from several thousand websites to identify the individual components that pointed towards cryptocurrency miner software. The research analyzed the world’s top 10,000 visited websites as collated by Alexa, with parameters including mining longevity, prevalence, and infrastructure.
Four hundred fifteen “frequented” servers were found to be running cryptocurrency miners, with the “.com” domain attracting over 4,268 instances of illegal mining. Following closely were “.fm” and “.net” domains with 3,027 and 388 threats respectively.
In terms of countries, research revealed that the most mining activity originated from the U.S., with Germany and France in second and third places respectively. However, clear figures or numbers of IP addresses affected were not stated.
The Dark Side of Mining
The business of cryptocurrency mining attracts its fair share of media attention, mostly towards the sector’s high energy usage and nefarious operators. While enterprising miners are increasingly setting up in cold countries with cheap electricity, the bad characters infiltrate private and public websites with their mining software. The software runs in the background and secretly utilizes a visitor’s computing power to mine cryptocurrencies for the software operator.
Although some websites offer visitors the option to show ads or mine cryptocurrencies, most website administrators have no knowledge of the illicit operation of mining software. They usually find out about it after complaints from visitors or observing high computing usage.
Adam Hunt, chief data scientist at RiskIQ, concluded:
“In the case of cryptocurrency mining scripts, organizations must inventory all the third-party code running on their web assets and detect instances of threat actors leveraging their brand on illegitimate sites around the Internet. Threat actors realize the lack of visibility these organizations have and are targeting it accordingly.”
Coinhive, the infamous Monero (XMR) mining software, is the hacker’s favorite, reportedly due to its easy-to-access JavaScript code. As reported by BTCManager, Coinhive has been used to mine cryptocurrency from spoofed websites, government websites, and brand websites. Data from RiskIQ suggests that over 50,000 websites are running Coinhive without the administrators’ knowledge.
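Hunt's recommendation to inventory all third-party code can start with the script tags a page actually serves. The sketch below is an added example, not code from RiskIQ or from the original article; the sample page, the host names and the approved-vendor list are constructed placeholders. It lists every externally hosted script and flags those that come from an unvetted host or lack a Subresource Integrity hash.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; every host name here is a placeholder.
PAGE_URL = "https://www.example.com/index.html"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.min.js" integrity="sha384-CONSTRUCTED"></script>
<script src="//miner.example.org/m.js" async></script>
<script>var inline = 1;</script>
</head><body></body></html>"""
APPROVED_HOSTS = {"cdn.example.net"}  # hypothetical list of vetted vendors


class ScriptInventory(HTMLParser):
    """Collect the src and integrity attribute of every external <script>."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append((a["src"], a.get("integrity")))


def inventory(html, page_url, approved_hosts):
    """Return one record per third-party script, with review flags."""
    parser = ScriptInventory()
    parser.feed(html)
    own_host = urlparse(page_url).hostname
    records = []
    for src, integrity in parser.scripts:
        url = urljoin(page_url, src)  # resolves relative and //host forms
        host = urlparse(url).hostname
        if host == own_host:
            continue  # first-party script, out of scope for this inventory
        records.append({"url": url, "host": host,
                        "approved": host in approved_hosts,
                        "has_sri": bool(integrity)})
    return records


if __name__ == "__main__":
    for rec in inventory(SAMPLE_HTML, PAGE_URL, APPROVED_HOSTS):
        status = "ok" if rec["approved"] and rec["has_sri"] else "REVIEW"
        print(f'{status:6} {rec["host"]:20} {rec["url"]}')
```

Static HTML only shows scripts present in the served markup; scripts injected at runtime by other scripts need a rendering crawler or Content-Security-Policy violation reports to surface.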