New research from RWTH Aachen University in Germany has studied the prevalence of browser-based cryptocurrency mining, and the results have been ‘quite interesting’ to say the least. Although mining websites continue to be a problem, it’s not as prolific as you might think, with less than 1 percent of the Alexa top 1 million exhibiting code.
That said, there are plenty of sites outside this category that are infected with cryptocurrency mining code. This is either as a revenue-generating model to monetize websites and provide an alternative to ad-based ﬁnancing, or a website unknowingly being cryptojacked by a malicious miner. Here’s what else they found:
4. NoCoin, No Good
The NoCoin browser extension for Chrome isn’t good enough at detecting browser-based cryptocurrency mining. Instead, RWTH research applied a new technique based on WebAssembly fingerprinting to identify browser miners. As much as 82 percent of cryptocurrency mining websites go undetected by block lists.
3. Alexa Top 1M Contain Mining Code
On inspection of .com/.net./org and the Alexa Top 1 million domains mining code existed. Although, it wasn’t as prevalent as expected at < 0.08% of the probed sites.
2. Coinhive Is the Largest Web-Based Mining Browser
Taking the lion’s share of all in-browser cryptocurrency mining is Coinhive, used by as much as 75 percent of the sites examined. Of these, just 10 heavy users make up more than 80 percent of all short links, mainly targeting file sharing and streaming services.
1. Coinhive Mines 1.18% of All Monero Blocks
With a median hash rate of 5.5Mh/s from its visitors, Coinhive mines just over 1 percent of all Monero blocks, generating around $250,000 per month.
Commenting on the findings, Chris Olson, CEO of The Media Trust says:
“In the short period since Coinhive hit the market, hackers have added more techniques to make their cryptojacking campaigns more widespread and the Malware more persistent. Website operators who do not want to inadvertently infect their visitors with cryptomining malware should continuously scan their sites in real-time and get to know all their third-party vendors in order to ensure no code is executing unauthorized activities on their site.”