Hundreds Of websites mining cryptocurrency without user consent

[Esau.]

No idea if folks still use TPB (I haven't since it's first take down a few years back) but in case folks still are, be aware.

Also, if you use utorrent, starting with 3.4.2 build 28913, they've done it as well, link below in article. No idea if they still are though. I still use version 2.2 Build 23235 and its clean.

 

https://www.hackread.com/the-pirate-bay-caught-running-cryptocurrency-mining-script/

 

Quote

In 2015, it was reported that uTorrent was secretly installing Epic Scale Bitcoin mining software on users’ computer to get generate revenue. Now, something similar has happened with The Pirate Bay (TPB), one of the most visited platforms for downloading pirated content. As Alexa shows TPB is among 87 most visited sites in the world while it holds the rank of 55 in the United States.

Many wonder how the platform earns money? Well, it’s simple; it’s through third-party advertising and affiliate marketing mostly related to Virtual Private Network (VPN) software.

However, recently; the Pirate Bay’s domain thepiratebay.org has been found using a cryptocurrency mining code to hijack CPUs of its visitors to generate Monero digital coins.

This was discovered by none other than TPB’s visitors themselves who noticed that upon visiting the site, their CPU usage dramatically increased. On further analysis, it was discovered that the site carries a cryptocurrency miner who uses their CPU to generate digital currency.

 

One of the users “Intertubes_Unclogger” who discovered the script wrote in a Reddit post that while visiting TPB “I was looking at a torrent page and suddenly all my CPU threads went 100% 80-85%, something which usually only occurs when I’m encoding stuff. Happens on some pages, and it only stops when I navigate back to the home page or close the tab.”

“The code in question is tucked away in the site’s footer and uses a miner provided by Coinhive. This service offers site owners the option to convert the CPU power of users into Monero coins,” reports TorrentFreak.

It’s understandable that online businesses providing free stuff have to make money to keep themselves up and running but it’s quite upsetting that on TPB it was done in secret and without the knowledge of its visitors.

However, TorrentFreak has received an official explanation from TPB according to which “the miner is being tested for a short period (~24 hours) as a new way to generate revenue.” It further stated that if the experiment goes successfully the site may remove ads and use the miner on a permanent basis.

The Pirate Bay users have now two things to sort out; one is downloading torrents from the site without giving away their IP address and second making sure the site’s cryptocurrency mining script won’t use their PC’s processor cycles.

 

Edited October 14, 2017 by Esau.
Revise thread title

[Davey Boy 2.0]

wow....that is kinda brilliant though, if I'm understanding that correctly.

[Esau.]

I tried mining software years ago when I first heard of bitcoin but at the time I didn't have a machine strong enough to do it and make it worthwhile. I even fried a graphic's cards trying. But, now-a-days most people tend to have the bandwidth and computers capable of doing it (eg: gaming style pcs with powerful graphics cards) and the fact that bitcoin is worth a fair amount (1 BC = 4834.09 CDN  //  3,946.15 USD) there is a rise in this type of crap and considering places like TPB or software like utorrent boast of millions+ users/visitors daily it's no surprise really that this shit is no longer done via viruses but more or less in the open. I suspect it'll only become more popular too.

 

 

[bouche]

1 hour ago, Esau. said:

I tried mining software years ago when I first heard of bitcoin but at the time I didn't have a machine strong enough to do it and make it worthwhile. I even fried a graphic's cards trying. But, now-a-days most people tend to have the bandwidth and computers capable of doing it (eg: gaming style pcs with powerful graphics cards) and the fact that bitcoin is worth a fair amount (1 BC = 4834.09 CDN  //  3,946.15 USD) there is a rise in this type of crap and considering places like TPB or software like utorrent boast of millions+ users/visitors daily it's no surprise really that this shit is no longer done via viruses but more or less in the open. I suspect it'll only become more popular too.

 

 

Same here.  It wasn't easy to get setup at all.  My vid card sounded like a leaf blower.   I let it run for like a half-hour and then computer overheated and shutdown.  I started looking at mini mining rigs, and they were really hard to come by.  Back orders were months away, so I gave up.  Coins were about $50 at the time. Should have just bought a dozen.  They're only worth about $5000 CAD right now.

I'm surprised that mining can now be done via a web script considering the hefty requirements, but I guess distributing the load is all that it takes. Nifty, but very very very shady.

[Esau.]

I tried mining in 2010, I think they were worth less than 25 cents at the time. That was part of why I felt it wasn't worth it, the stress on my machine and the low value didn't seem worth it. Especially since I had fried a GTX 480 1.5G, and that was an expensive GPU at the time. I thought I was being smart by letting the software run when I went to bed. I had 4 coins by 2011/2012, they were worth about $15-25 each and the price was starting to drop, so I traded them off for two 100 GB HDDs. At the time I didn't think BC would last. Big mistake obviously.

I wouldn't even consider using my current rig for doing it, I built this one over xmas last year and really enjoy my ASUS Radeon RX 480 8GB. Not too mention the rest of the set up.

 

[bouche]

1 hour ago, Esau. said:

I had 4 coins by 2011/2012, they were worth about $15-25 each and the price was starting to drop, so I traded them off for two 100 GB HDDs. At the time I didn't think BC would last. Big mistake obviously.

oh yeah, I can imagine that seeing them at $25 was pretty exciting at the time.  That was certainly prime time to be mining. 4 coins collected is pretty amazing.

[Esau.]

More sites caught using this crap.

 

Quote

CloudFlare says sites running mining code without notifying users are considered to be malware.

In the last couple of weeks, researchers discovered an increasing trend in which website owners were found using cryptocurrency miners that can hijack CPUs of its visitors to generate digital currency without informing users.

First, it was The Pirate Bay and later two domains owned by CBS Corporation’s premium cable network Showtime’s websites were found to be mining cryptocoins. However, now, CloudFlare has booted off torrent proxy site (ProxyBunker.online) for secretly using Coinhive miner.

According to TorrentFreak, ProxyBunker started using Coinhive miner just four days before its suspension. Justin Paine, head of trust and safety at Cloudflare told ProxyBunker’s administrators that since they were using the minor secretly, it is considered as malware as users have no option to opt out of it or disable the code.

“Multiple domains in your account were injecting Coinhive mining code without notifying users. … We consider this to be malware, and as such the account was suspended, and all domains removed from Cloudflare,” Paine said.

Currently, users have mixed reactions over the issue. While discussing The Pirate Bay’s cryptocurrency mining issue on Facebook, Cláudio Marcelo Silva a HackRead reader wrote that “Nothing wrong about doing it. But you need to be transparent about it.”

Another reader Pierre Ciholas wrote that “Am I the only one who prefers having my browser used as a crypto miner during the brief time I browse a website to support them instead of having a dozen of advertisement and popup for porn websites?”

Danny Marshall, an avid reader, wrote that “Do you people have any idea you have to pay the extra bill from your salary for extra CPU usage?”

It is although a rare practice, but if adopted on a long-term basis it might replace ads for good as advertisements can be malicious and annoying at times. However, the fact that it hijacks computers for crypto mining deeply concerns for users, therefore, website owners should allow users to choose whether they want the site to use their CPU for mining or not.

On October 4th, PassThePopcorn torrent announced that it would start generating Monero digital coins but at the same time, it will let users opt-in and control by the whole process which is the right way to go.

 

https://www.hackread.com/cloudflare-boots-off-torrent-site-for-using-cryptocurrency-miner/

[bouche]

even more interesting concepts in there. this could become a viable financing model, that is if there is a transparent opt-in and elevated membership (rewards/incentives) involved.

[Esau.]

https://www.hackread.com/hackers-compromising-websites-to-mine-cryptocoins-via-user-cpu/

Quote

For the last couple of weeks, the trend of inserting code in websites that generate cryptocurrency has been growing like never before. What might worry some is that it uses visitor’s computers to start and finish the process.

Recently, Trend Micro, a cybersecurity firm discovered that hackers are compromising charity, school, and file sharing websites with a particular code that allows the site to use visitor’s CPU in order to generate cryptocurrency.

By doing so, the code converts the visitor’s computer into a miner. This means the greater the number of computers the quicker will be the process of generating digital currency and in return, the greater the amount of money. In the end, the victim will suffer from expensive electricity bill.

According to Rik Ferguson, vice-president of security research at Trend Micro “This is absolutely a numbers game. There’s a huge attraction of being able to use other people’s devices in a massively distributed fashion because you then effectively take advantage of a huge amount of computing resources.”

The security firm discovered that hundreds of famous websites are using the code. Some are using “Coin Hive” code, some are using JSE Coin script while some have no idea how the code got onto their websites.

To get rid of it, some site owners have simply removed the code while some have updated their security policies and issued patches. There are those who are still investigating the issue emphasizing on how their site was compromised and how the code ended up on it without triggering any warning.

BBC reported that developers of Coin Hive are also taking action against those misusing their code for malicious purposes. “We had a few early users that implemented the script on sites they previously hacked, without the site owner’s knowledge. We have banned several of these accounts and will continue to do so when we learn about such cases,” Coin Hive told BBC.

In a tweet, FiveM, a modification framework for GTA V said that they had issued a security update just to stop users from adding miners to their code.

CloudFlare, a content delivery network and Internet security service also booted off a torrent website for secretly mining cryptocurrency miner. The company said “mining code without notifying users. … We consider this to be malware.”

Last month, The Pirate Bay website was caught “testing” cryptocurrency miner while two domains owned by CBS Corporation’s premium cable network Showtime’s sites were also found to be mining cryptocoins without informing their visitors.

In another report, Trend Mirco said that hackers are also using smart home devices to generate cryptocurrency. “Trend Micro data shows that more and more home devices are being compromised—we blocked over 90% more home network attacks in September compared to July, and most of the attacks are attempting to mine cryptocurrency,” said Trend Micro.

Although it is a rare practice; if adopted on a long-term basis, it might replace ads for good as advertisements can be malicious and annoying at times. However, the fact that it hijacks computers for crypto mining deeply concerns users, therefore, website owners should allow users to choose whether they want the site to use their CPU for mining or not.

 

[Esau.]

On 10/6/2017 at 1:20 PM, bouche said:

even more interesting concepts in there. this could become a viable financing model, that is if there is a transparent opt-in and elevated membership (rewards/incentives) involved.

Just like ads, users will seek out ways of blocking the script. I know I'll be looking as it seems this practice is getting more and more popular, and by companies, that in my opinion shouldn't require it, nor be stressing users systems or bandwidth, like CBS. I get that site owners need ways to generate income to help cover costs since so many users block ads, but this method is more damaging (again, my opinion) then the risk of malicious scripts contained within ads - which for the most part isn't an epidemic by any means. I mean, how long before the folks who write the malicious scripts that get injected into ads simply inject them into mining scripts?  And how long before sites start figuring out how to inject mining scripts into downloads? Especially torrents, and on sites were share ratios are enforced, meaning users will either have to accept that their systems/utilities are being used or be kicked off a site for not maintaining an acceptable ratio. 

utorrent was already caught installing (stealthy 3rd party like) mining scripts on user systems that updated their software, and it's likely mining scripts will eventually be hard written into software making it practically impossible to block or opt out, short of just not using it at all. Considering that a lot won't be transparent about it being there, users simply won't know. Given the rising value of nation-less digital currency like bitcoin, I suspect games will be the first software this stuff shows up in - its the best cover for it as systems will already being running at elevated levels making it less likely it will be detected by most users.

 

[edit to add]

Almost forgot..

The Pirate Bay Caught Secretly Running Cryptocurrency Miner Again

https://www.hackread.com/the-pirate-bay-caught-secretly-running-cryptocurrency-miner-again/

 

[Esau.]

I edited the thread title as it's well beyond TPB and a few sites it appears.

 

Hundreds Of websites mining cryptocurrency without user consent

 

https://www.hackread.com/hundreds-of-websites-mining-cryptocurrency-without-user-consent/

 

Quote

Previously it was reported that torrent search platform The Pirate Bay and other popular sites have been using visitor PCs to mine cryptocurrency and new reports have revealed that these are not the only websites that are exploiting our PCs but hundreds of websites are mining cryptocurrency without notifying the users.

Bitcoin or Monero are some types of cryptocurrencies that can be mined and received through computation. When a site that is mining cryptocurrency is visited, there is a surprising surge in the CPU usage, which can prove to be beneficial for website owners because when a large number of PCs donates their powers, the mining is successful in earning revenues.

The report published by Adguard states that within merely weeks since the revelation about The Pirate Bay, there is an astounding increment in sites that mine cryptocurrencies through PCs of their site’s visitors.

Reportedly, 0.22% of the top 100,000 sites on Alexa List are discovered to be mining cryptocurrency, which means about 220 sites are involved in mining while the average of visitors on these sites is nearly 500 million and this audience arrive from various parts of the world from the USA and Europe to Asia and South America. While JSEcoin and CoinHive are the two most common and popular scripts that are employed to acquire cryptocurrency.

Adguard explains that around $43,000 have been raked in by these domains without any expenditure and within only three weeks. Reports also reveal that The Pirate Bay made $12,000 per month through cryptocurrency as the traffic flow is quite heavy on its domain.

It is worth noting that most of the websites that are using miners are not as reliable and come from the blurry background. These include torrent search sites, pornographic sites, domains that host pirated content and similar other sites.

As per the analysis of Adguard, websites having “shady reputation” are involved in browser mining; these sites otherwise find it difficult to make money through standard advertising practices, therefore, they use such tactics. Sites offering video-based content are most likely to generate income through mining more than any other.

However, if handled appropriately, mining of cryptocurrency has immense potential as many users would agree to lend their CPUs so that they could get rid of annoying ads; but consent of users must be given importance. Domain operators need to respect end users and seek permission. Without user consent, domain operators are putting their reputation at risk, which might prove to be detrimental to their image in the long run.

CoinHive released the following statement after learning about the mining scheme used by websites:

“We’re a bit saddened to see that some of our customers integrate CoinHive into their pages without disclosing to their users what’s going on, let alone asking for their permission. We believe there’s so much more potential for our solution, but we have to be respectful to our end users.”

Remember that adblockers will block these scripts and it is on developers of cryptocurrency mining scripts and domain operators to transform this scheme into a reliable alternative to advertising.

“Providing a real alternative to ads and users who block them turned out to be a much harder problem. CoinHive, too, is now blocked by many ad-block browser extensions, which — we have to admit — is reasonable at this point,” stated CoinHive rep.

 

[Esau.]

On 10/12/2017 at 10:11 AM, Esau. said:

 I suspect games will be the first software this stuff shows up in - its the best cover for it as systems will already being running at elevated levels making it less likely it will be detected by most users.

 

Didn't take long at all!

Quote

Russian Hacker Exploits GTA 5 PC Mod to Install Cryptocurrency Miner

As per their findings, the Arbuz GTA 5 mod was utilized as the source of distribution of malware whereas Anton was found to be using malware WaterMiner for mining cryptocurrency. WaterMiner is a modified version of the authentic open-source XMRig miner. Through the malware, Anton successfully harvests Monero coins. All this is done without alarming the mod user.

Full article: https://www.hackread.com/russian-hacker-exploits-gta5-pc-mod-to-install-cryptocurrecy-miner/

 

[c-towns]

So,  what is this doing to the common user who still torrents shows and such? I have read all of these articles and can't seem to grasp whats going on. Malware is using my CPU to mine bitcoins, is it causing my computer to work harder therefore using more power?

[bouche]

On 10/20/2017 at 3:41 PM, c-towns said:

So,  what is this doing to the common user who still torrents shows and such? I have read all of these articles and can't seem to grasp whats going on. Malware is using my CPU to mine bitcoins, is it causing my computer to work harder therefore using more power?

That would be part of the concern.  "Why is my computer acting so sluggish?  I'm just running the browser."  Then you find out some sneaky script is mining bitcoins using up resources.

There's also no way to know what else is hiding in code like that.  Could it also eventually be capturing keystrokes, and sending personal data?  Hey maybe they'll also evolve to use your file system to dump some files and share nasty shit with your internet connection.

[bouche]

What app or site can  be used to actually sell off bitcoin in Canada (via interac transfer etc)?   Apparently coinbase can't do that anymore.