SLY_G December 26, 2017 at 16:04

Mining cryptocurrencies in the browser suddenly rose from the dead

Transfer

It was believed that crypto mining in the browser was dead, but now it is unexpectedly returning to haunt websites and their visitors again

Over the past few months of 2017, cryptocurrency mining has experienced explosive growth. After many years of deathly silence, the catalyst for this, apparently, was the launch in September of a new mining service in the Coinhive browser . The service delivers a neat package of programs for website owners, and gave birth to a new idea that has long been considered dead.

Tried, checked and buried

Mining in the browser, as the name implies, is a method of mining cryptocurrencies occurring inside the browser using a scripting language. It differs from the more well-known cryptocurrency mining system when a user downloads and runs a special executable file.

Mining for the first time in a browser appeared in May 2011 , when the first launch of the innovative BitcoinPlus.com service took place - when Bitcoin was cheap and mining was simple (do not confuse it with another cryptocurrency known as Bitcoin Plus(XBC)). This service was in many ways surprisingly similar to modern reincarnation, Coinhive. He used JavaScript code for mining, and website owners could subscribe to this service and embed scripts in web pages so that visitors could mine a crypt for them. The big difference was that in 2011, as the name BitcoinPlus.com understood, the Bitcoin mining site (BTC), and today's browser miners like Coinhive, Monero (XMR) miners, is a new cryptocurrency focused on privacy. In 2011, before mining on the ASIC appeared (in 2013), Bitcoin was in its infancy, the complexity of mining was small, and the cost of cryptocurrencies was even less. It was almost realistic to mine currencies using a home computer.

And although at that time it was possible to mine bitcoins via BitcoinPlus.com, in practice this lesson was by and large useless. The awards were meager compared to the required capacity and electricity. Of course, this was before the prices for bitcoins skyrocketed - in June 2011, the value of bitcoins rose to the then maximum of $ 30.

Due to a fundamental problem with profit from browser mining, the service soon disappeared. However, the idea was again restored in December 2013 by a group of students from MIT, in the form of the Tidbit project - allegedly advertised as an alternative way for website owners to make money. And again, this project did not live long, because shortly after its launch, a branch of the US Consumer Protection Agency, located in New Jersey, began an investigation in the new company on charges of illegal use of computer capabilities of users. The result was a lengthy trial, which ended only in 2015 .

The prospects for browser mining were very modest. The growing profitability problem has worsened due to an increase in the number of miners on the ASIC. This process took away bitcoin mining from home users and transferred it to an industrial area dominated by massive mining farms , more familiar to us today. After the disappearance of Tidbit, the idea of JavaScript-based browser mining of crypto by and large has again died.

But despite all these problems, key lessons have been learned. The goal of a service like Tidbit has never been to use separate servers or powerful mining computers. The true power of this service is to scale and use the potentially huge combined power of a large number of visitors to sites with medium iron. Increasing traffic means increasing profits, and, sooner or later, someone had to come up with an improved way to make mining in the browser work on end-user computers more efficiently.

Dawn of the dead

Fast forward to September 2017, when the position of cryptocurrencies has changed significantly compared to 2013. In April 2013, there were very few types of crypto on the market, and its total capitalization was estimated at only $ 1.5 billion. The crypto market was limited and illiquid, which meant that even if you earn something, it is very difficult to turn into fiat money and spend. This contrasts strongly with September 2017 , when market capitalization reached $ 166 billion, spread over more than a thousand different cryptocurrencies.

In addition to the variety of coins, a variety of reward mechanisms for working with them has also appeared. Some, like bitcoins, can be mined through proof of work[proof-of-work, PoW], using power-hungry ASICs - although attempts have been made to change this using various branches of the project, for example, Bitcoin Gold (BTG) and Bitcoin Diamond (BCD), calculated for mining through the GPU. Other cryptocurrencies like Monero, Ethereum (ETH), Ethereum Classic (ETC) and Dash (DASH) can be mined using the GPUs available in stores, which can be found on many computers. There are currencies that are more suitable for mining on the CPU - Monero and Verium Reserve (VRM). The trading environment has also changed - now it is much easier to make fiat money and crypto exchanges, which makes the latter more useful and valuable.

It was against this background that Coinhive released its scripts that could mine Monero, which brings the idea of browser mining back to life.

News spreads fast

Coinhive is touted as an alternative to browser-based advertising. The motivation is simple: users do not pay for the content directly, by mining, when visiting the site, and site owners do not have to bother users with advertisements, trackers, and other common accessories. As a result, users get cleaner and faster, as well as potentially less dangerous sites, and everyone is happy. What could have gone wrong?

Shortly after the release of the service, hash counting rates began to grow rapidly. The hash rate is the number of hashes counted by all miners in total, measured as the number of hashes per second. Usually this indicator is measured in millions (MH / s). Hashing is a cryptographic parameter count used to process transactions. Miners participating in the general calculations of the fund receive their share of the income generated by the entire fund.

According to the blog Coinhive, speed counting hashes jumped from 0 MH / s to 3 MH / s for a couple of days, and then during the week increased to 13,5 MH / s. To make it clear, the total hash counting rate for the entire network(The total mining power of all computers involved in this) Monero September 20, 2017 was within 260 MH / s. The total capacity of the Coinhive pool reached 5% of this figure, which is pretty good for such a short time.

Monero can be mined both on the CPU and on the GPU, but the mining service in the Coinhive browser only works with the CPU, and this limitation seriously reduces potential revenue.

To maximize profits, the script is best placed on websites with high traffic, as well as on sites where the user stays on the page for a long time. According to one of the first users, the profit from mining on his site was much less than the profit from advertising.

To the credit of Coinhive it is worth saying that the project recommends observing transparency with site visitors and notifying users about the ongoing mining, and even better, offering users ways to participate in it. Unfortunately, despite good intentions, unprincipled operators quickly adopted the idea of secret mining in the hope that users would not notice anything.

Flow start

The first popular site to start using Coinhive was The Pirate Bay torrent tracker. The history of this site is not smooth, and since it is very popular ( taking 161 place in the global ranking of sites with 290 million visitors over the past six months), it is constantly looking for alternative ways to monetize its bulk traffic. His initial mining attempts were quickly noticed by users who did not like it much. At least in this case, the decision to use Coinhive was made by the site owners.

Another popular project soon followed The Pirate Bay - this time a miner from Coinhive was found on two Showtime sites. One of the sites involved in this provided streaming video, it had a lot of traffic and users stayed on the page for a long time while the video was transferred to the browser. Showtime is a paid service, so it’s strange enough that users were forced to pay for content twice. Scripts were quickly removed after detection, which suggests that they could be placed there with malicious intent.

Soon, there were reports of many other sites where mining scripts were discovered for Coinhive. During Thanksgiving holiday in the USA, the Coinhive miner was discovered in the LiveHelpNow widget.used on many different sites and offering live chat with customer support. The reason for this was that one of the CDN servers used by LiveHelpNow was compromised. As in the case of Showtime, the LiveHelpNow service is a legitimate and profitable business, so it is unclear why he had to risk the trust of users in order to earn a few extra dollars. So, the most likely option is when the server was compromised by a third party, possibly working in the company.

Mining in the browser periodically appears in other places:

These scripts have already been seen in several browser extensions and plugins.
Fake support pages are embedded by miners to earn even more. The load on the CPU caused by mining can help convince the user of problems and increase the chances of getting caught.
People even try to mine on reserved domains - those where you occasionally end up making a mistake with the name of the site.

Why is mining in the browser gaining momentum?

There are many reasons for the return of mining in the browser. Unlike previous unsuccessful attempts, recent developments in the field of cryptocurrencies have made this activity more profitable. Consider some of the factors in more detail.

The advent of cryptocurrencies focusing on privacy

Privacy is important if you want to secretly mine coins so that other people cannot track them down to you. Monero, launched in 2014, offers a high level of transaction privacy. Unlike other crypts that use public transparent blockchains where transaction addresses are viewable by anyone, Monero works differently. By default, everything is hidden in it, including the amount of the transfer, sender and recipient. There is an option in which wallet owners can selectively disclose information using a “ viewing key ”, but this function is unlikely to be used by cybercriminals.

Ease of use

As mentioned, Coinhive provides a convenient and easy-to-use software package to people who want to participate in Monero mining. All you need to do is add a few lines of code to the website code. No need to force visitors to download and install executable files.

The mining process can start quickly and without unnecessary noise, unless the processor is heavily overloaded, which is why mining will be easy to detect.

Large-scale mining profitability on conventional computers

Monero cost has recently surpassed the $ 300 mark, and the total computing power of the network reaches 300 MH / s, so profitable mining is a large-scale game that requires careful cost estimation.

In the case of mining in the browser, its cost is borne mainly by visitors, due to wear and tear of iron and waste of energy. The scale is achieved when using sites with high traffic and a long presence on the pages.

Coinhive is currently paying 0.000104 XMR ($ 0.025) per million hashes . If you take a PC user with an average Intel i7-7700K processor capable of processing 300 H / s, then he will need to spend 3333 seconds on the site, or 55 minutes, to calculate a million hashes. But if you can get 3333 users to spend one second on the site, the result will be the same.

Even under optimal conditions, the number of hashes produced in each case will be small, but with distributed computer power everything depends on scale, and it’s going around the world.

Cryptocurrency Growth Factor

As we have already noted, the value of mining rewards is small, at least in the first place. To better understand the situation, you need to look at the profitability of this occupation in the long term and take into account the macroeconomic component. The cost of cryptocurrencies like Monero is growing at an impressive pace. In 2017, the cost increased from $ 13 to $ 300. Under such conditions, when the cost of Monero can grow strongly in dollars in a fairly short time, mining Monero can become attractive. A small amount of coins mined today will be able to cost serious money in just a few months (or get much cheaper, depending on the cryptoeconomics).

Reflecting the increase in interest in the crypto and its value, in recent months there has been a big jump in the number of miners we found based on both executable files and browsers.

Mine on the go

Hidden mining is not limited to desktop computers and servers. Mobile devices connected to the Internet are increasingly becoming its target. In recent years, we have seen an increase in mining on mobile phones. In 2016, we discovered 26 different cryptocurrency mining Android apps. In 2017, we already found 35 - 34% more.

The processor power of modern mobile phones can be comparable to the power of lower or middle class desktop computers, which helps to increase the value of mobile mining. But this process is always energy-intensive, which is why the fastest battery consumption will be the biggest problem of mobile mining, since battery manufacturing technologies lag behind the growth of computing power. Mobile mining will inevitably be noticed due to excess heat and fast battery drainage, not to mention problems with the speed of the device that may occur.

What awaits us in the future?

If you look at the cryptocurrency market as a whole, you can see that, along with a multiple increase in the value of cryptocurrencies, the interest in malicious mining in the same way increases, both on the basis of browsers and executable files.

And with increasing interest in activity, more and more people are connecting, both miners and tool manufacturers. Coinhive, even the most famous project, does not own the entire market. Similar projects appear, for example, Crypto Loot , or JSEcoin , which is in beta testing since August 2017, which are also trying to grow.

Symantec has seen a significant leap in mining in recent months, which is reflected in the number of detections of malicious applications. Despite the sincere desire of the majority of mining projects in the browser to offer a real and potentially better alternative to traditional ways of making money, the sad reality is that this method can be abused, which is actually happening.

Increasing user awareness and detection of this activity by security companies will launch a new arms race between cybercriminals and defenders. Recent innovations in the malicious use of browser-based mining scripts, such as hidden pop-ups that run the miner, are indicative of this process. A wide range of malware distribution channels and detection avoidance technologies can be expected to help spread and extend the mining process to maximize profits. While current factors work in favor of mining, one can expect to maintain or even increase interest in mining in browsers in the short and medium term.

How Symantec Helps Prevent Mining in Browsers

Symantec carefully monitors the growing trend of mining in browsers. If necessary, we make changes to prevent the operation of unwanted cryptocurrency miners and the theft of your computer resources in order to enrich third parties.

Site owners need to monitor the injection of mining scripts into the code of their site. Our network solutions can help to notice this activity in network traffic when your server communicates with visitors. In addition, a file system scan can show all files that can be associated with mining in the browser, which will help you detect and delete this inappropriate content.

Symantec helps prevent theft of computer resources by protecting your computer at different stages of the attack.

Block mining on end devices

Our solutions for end devices are able to recognize and block all types of mining based on both executable files and browsers. These solutions can prevent the installation and launch of mining programs themselves. Scripts for mining in the browser are recognized as PUA.JScoinminer .

Tags: