As the popularity of cryptocurrency has grown and spread, so have related businesses. Unfortunately, both legal and illegal businesses have been popping up. Illegal cryptocurrency mining is one segment that is seeing growth. Because of it, some of the most visited websites on the planet are in peril.
Illegal Cryptocurrency Mining Discovered by RiskIQ
RiskIQ is a United States-based research company. They are one of the leading authorities in researching threat management in the digital space. They recently revealed that they have been actively tracking the cryptocurrency mining industry for 23 weeks.
Their claim acknowledges what we know well: that businesses related to the digital currency industry are in growth mode. There are numerous cryptocurrency exchanges operating worldwide. Smart wallets and wallet services are found more in the mainstream. Crypto mining is a growing sector.
Though many benefit from this industry, there are those who take advantage of it. They say that along with the good actors, there are bad actors too. With highly publicized hacker attacks, this is not news.
What is news is what their 23 weeks of compiling and examining research shows.
The Results of the Research
Often Visited Websites Targeted
After analyzing the Alexa top 10,000 most visited websites, they found that “.com” domains in the United States were most prone to illegal mining.
Using their native web crawler technology, RiskIQ downloaded data from thousands and thousands of websites. Then they analyzed the data. Their goal was to “evaluate and determine the individual components which pointed towards cryptocurrency miner software.”
Their parameters in examining those most popular websites included “mining longevity, prevalence, and infrastructure.”
RiskIQ’s results found 415 often visited servers were “running cryptocurrency miners.” They discovered over 4,265 instances of illegal mining on “.com” domains. Also found were over 3,000 instances on “.fm” domains and almost 400 on “.net” domains.
As far as countries are concerned, the United States led the pack. Most of this illegal crypto mining originated in the U.S. Germany was next, followed by France.
The company did not release exact numbers or reveal how many IP addresses were affected.
Welcome to the Dark Side…of Cryptocurrency Mining
Cryptocurrency mining does not always have the most squeaky-clean reputation. News reports mostly seem to focus on the high levels of electricity needed in order to mine. There has also been much reported about “nefarious” mining operators and operations.
It seems that good mining and bad mining each have their own standard operating procedure. The legal, enterprising miners seek out colder areas and countries, especially where electricity is cheap and plentiful.
The “bad guys” favor infiltrating both public and private websites with their cryptocurrency mining software. Their software runs in the background. When people visit these popular websites, the miners are able to utilize the computing power of the visitors’ computers to mine cryptocurrencies.
There are websites that give visitors a choice. They ask the visitor for permission to show ads or to mine for cryptocurrencies. Most website administrators, however, have no idea that mining software is illicitly running on their site.
Only after they get complaints from their visitors do they figure it out. Seeing unusually high computing usage also clues them in to the illegal activities.
Sites are targeted because of a rather convoluted detection process that the illegal miners can take advantage of.
How it Happens and What Hackers Use to Do It
According to Adam Hunt, chief data scientist at RiskIQ, with “cryptocurrency mining scripts, organizations must inventory all the third-party code running on their web assets and detect instances of threat actors leveraging their brand on illegitimate sites around the Internet. Threat actors realize the lack of visibility these organizations have and are targeting it accordingly.”
The Coinhive software has reportedly been used to illegally mine cryptocurrency from spoof sites, brand websites, and government websites. The data compiled by RiskIQ points out that possibly over 50,000 websites are running the Coinhive software without the administrators’ knowing about it.
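The third-party code inventory that Hunt's statement calls for can start with a static pass over a page's HTML. The following is an added example, not code from RiskIQ or the original article; the allowlist, hostnames, `loadMiner` call and sample page are constructed, and `coinhive` is used as a keyword hint only because the article names that software.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Everything below is constructed for illustration: hosts, allowlist, sample page.
APPROVED_HOSTS = {"cdn.example-analytics.test"}   # third parties the site owner signed off on
MINER_HINTS = ("coinhive",)                       # name from the article; extend from your own intel
SAMPLE_URL = "https://www.shop.example/"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-analytics.test/a.js"></script>
<script src="//static.unknown-widgets.test/w.js"></script>
<script src="https://cdn.miner.test/lib/coinhive.min.js"></script>
<script>loadMiner("coinhive", "PLACEHOLDER");</script>
</head></html>"""

class ScriptInventory(HTMLParser):  # collects third-party <script src> and hinted inline scripts
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.page_host = page_url, urlparse(page_url).hostname
        self.external, self.inline_hits, self._inline = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        self._inline = not src                 # no src means an inline body follows
        if src:
            url = urljoin(self.page_url, src)  # resolves relative and //host/ forms
            host = urlparse(url).hostname
            if host and host != self.page_host:
                self.external.append((host, url))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        if self._inline and any(h in data.lower() for h in MINER_HINTS):
            self.inline_hits.append(data.strip())

def audit(page_url, html):
    """Return (reason, evidence) findings for scripts that need review."""
    inv = ScriptInventory(page_url)
    inv.feed(html)
    findings = []
    for host, url in inv.external:
        if any(h in url.lower() for h in MINER_HINTS):
            findings.append(("miner-hint", url))
        elif host not in APPROVED_HOSTS:
            findings.append(("unapproved-host", url))
    return findings + [("miner-hint-inline", s) for s in inv.inline_hits]
```

Calling `audit(SAMPLE_URL, SAMPLE_HTML)` returns three findings and skips the first-party and approved scripts. A static parse only sees scripts present in the delivered HTML; scripts injected at runtime by other scripts need a rendered-DOM crawl to appear in the inventory.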