malicious mining or opportunistic websites?

A growing trend on the web is using Monero mining to monetize websites. What started with fringe sites like Pirate Bay is now going mainstream. This has raised alarm in some circles, but I think it’s a positive development.

To be clear, I’m not talking up the malware that persists on your machine and mines. What I’m bullish on is including JavaScript in the website to mine while the visitor is on the site.

According to AdGuard, as many as 500 million users have thus far been targeted with the surreptitious mining of Monero. The Smominru botnet has been in operation since last May, and has allegedly infected more than half a million Windows machines, earning millions in profit. Most of the compromised machines have been identified to be in Russia, Taiwan, and India. This is an example of installing software on a machine without permission that persists and uses resources without the users’ permission or knowledge. I’m not advocating this of course!

Researchers from Proofpoint say it uses the CVE-2017-0144 “Eternal Blue” exploit and earns about $8500 per day. The Wannamine crypto-miner also uses the same exploit, but appears to be run by different actors.

But what about using JavaScript to mine ONLY when viewers are on your site, presumably consuming your content? This installs no software, and does not persist any code on your machine. I assert that this is a far superior way to monetize online content than the traditional advertising model.

Online advertising aggregation services let website owners take specific areas of the web page and allow a third party to auction it off in real time. Effective for advertisers, but this approach leaves website owners with no control over the code on their page. Malware has been infecting these ad networks, resulting in site owners unwittingly serving up malware in an effort to make a few pennies.

So is it any surprise that content publishers find solutions like Coinhive.js more appealing? If it becomes socially accepted, instead of the current knee-jerk reaction against it, this will be a more robust and safer way to go. Logged-in users can be rewarded with a portion of the proceeds too.

According to security researcher Troy Mursch, Coinhive may be pulling in Monero at a rate of $3.7 – $5 million USD annually, since they receive 30% of all Monero mined using their software. Of course, this is JavaScript, so it can be hosted locally and modified to give 100% to the site owner as well.

For those who do not want to have mining software running in the background and without their knowledge, several anti-mining plugins have been developed that can be used today. Some examples include AntiMiner, NoCoin, and MinerBlock.

I should also point out again that this is JavaScript, so it runs in the client browser. You can change this! A quick Greasemonkey script could divert the proceeds entirely to your own wallet, for example.

Is this the best way forward, and the possible death to the deeply problematic online advertising industry? The current model supports a huge network of players, including some of the shadiest malware vendors and botnet operators, and often results in malware infestation of the site viewers. What do you think?

Author: chain rat

crawlin around where nobody's lookin, gnawing on the crufty bits
