Skip to main content

Report claims ecommerce sites are hijacking visitor CPUs to mine digital coins

CoinHive
Image used with permission by copyright holder
Several months ago, reports surfaced claiming that CBS-owned Showtime was allegedly accessing the processors of PCs visiting two of its websites to secretly mine virtual coins. The process is called “cryptojacking,” and relies on code embedded in a website that silently runs mining software within the visitor’s browser. It’s a growing problem, and a recent report indicates that it’s even spreading across legitimate ecommerce sites, generating virtual money in the background while you spend real-world cash.

The growing practice of mining virtual coins within a visitor’s browser stems from a new JavaScript kit called CoinHive. There’s nothing malicious about this software, as it’s specifically designed to mine virtual coins within a web browser using the visitor’s processor. It’s meant to be an alternative payment method for visitors: mine coins for the site in return for free downloads, ad-free video streaming, in-game items, and so on.

Recommended Videos

But in a report provided by independent security researcher Willem de Groot, he found at least 2,496 online stores running CoinHive in the background. Even more, 80 percent of these online shops were likely not running the mining software on purpose, as he discovered they were also infected with malware that steals payment information during transactions, also known as “payment skimming.”

Please enable Javascript to view this content

Groot also notes that out of the 2,496 infected ecommerce sites, 85 percent were linked to a mere two CoinHive accounts, and the remaining 15 percent were connected to multiple unique accounts linked to the ecommerce companies. Groot believes that the bulk of the infected sites are running outdated ecommerce software with well-known software vulnerabilities, enabling hackers to inject these sites with CoinHive and payment skimming malware.

At the time of this post, one “infected” website was Subaru’s online shop in Australia. Sure enough, when we visited the site, the tab in Google’s Chrome browser began using 45 percent of our CPU, waking up the chip’s cooling fan. Once we exited the page, the tab’s CPU usage dropped back down to near zero, and the fan went quiet. We didn’t find any reference to CoinHive in the site’s source code, but rather a hidden “iframe” that loads up a page labeled “Apache2 Debian Default Page.” The CoinHive JavaScript resides towards the end of the page’s code so it’s not blatantly visible on Subaru’s website.

CoinHive
Image used with permission by copyright holder

There’s also something definitely going on at Musicas.cc. When we visited the site, the Chrome browser tab shot up to nearly 90 percent of CPU usage. We also found the CoinHive JavaScript listed at the end of the page’s source code, verifying that it is indeed mining virtual coins in the background without any warning on the site’s main page.

“Some sites bluntly include the official coinhive.js file, others are more stealthy,” he reports. “Others disguise as Sucuri Firewall.”

To prevent sites from hijacking your processor for digital coin mining, you can use stand-alone software with a built-in ad-blocker, or install a similar plugin within the browser. Another method is to edit the “hosts” file located in the “windows\system32\drivers\etc” directory with Notepad to add “coin-hive.com” and “coinhive.com” on the blocked list.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
ChatGPT’s new Pro subscription will cost you $200 per month
glasses and chatgpt

Sam Altman and team kicked off the company's "12 Days of OpenAI" event Thursday with a live stream to debut the fully functional version of its 01 reasoning model, as well as a new subscription tier called ChatGPT Pro. But to gain unlimited access to these new features and capabilities, you're going to need to shell out an exorbitant $200 per month.

The 01 model, originally codenamed Project Strawberry, was first released in September as a preview, alongside a lighter-weight o1-mini model, to ChatGPT-Plus subscribers. o1, as a reasoning model, differs from standard LLMs in that it is capable of fact-checking itself before returning its generated response to the user. This helps such models reduce their propensity to hallucinate answers but comes at the cost of a longer inference period and slower response.

Read more
Surface Pro alternative: This Asus Chromebook is another $70 off today
A man holding the Asus Chromebook CM3001 Laptop.

While fast and powerful CPUs and GPUs go a long way with a desktop or laptop, not every PC needs to be a workhorse. Some folks only need a computer for basic web browsing or watching the occasional HD movie or show. That’s why we’re always on the lookout for great Chromebook deals. These Chrome OS machines are just strong enough to deliver a notch above the basics, and today, we found an excellent discount on an Asus Chromebook. For a limited time, when you purchase the Asus Chromebook CM3001 Laptop at Best Buy, you’ll only pay $230. At full price, this model sells for $300.

Why you should buy the Asus CM3001 Laptop
From its convenient 2-in-1 design (check out our list of the best 2-in-1 deals) to its beautiful 10.5-inch 1920 x 1200 touchscreen (WUXGA), the CM30 is a laptop you’ll have zero issues taking just about anywhere. Its light form factor is a huge plus, and when closed, the CM30 is only 0.67 inches thick! And while we’re not dealing with Intel or AMD for internals, the onboard MediaTek Kompanio 520 CPU runs and smooth and efficient ship. It's also a great Surface Pro alternative, for those tiring of the Windows way.

Read more
Get Copilot+ features for less with this Asus laptop deal
An Asus ProArt P16 laptop on a white background.

One of the best laptop deals right now is perfect for anyone who is seeking a Copilot PC. If you’re looking to enjoy AI features, check out the Asus ProArt P16 laptop which is $200 off at Best Buy. The laptop normally costs $1,900 but right now, you can buy it for $1,700. A high-end productivity-focused laptop which also packs a punch for some gaming too, this is an ideal workhorse of a PC. Here’s all you need to know about it alongside some insight into the wonders of Copilot.

Why you should buy the Asus ProArt P16 laptop
Asus features in our look at the best laptop brands thanks to the company being great at developing all-rounder laptops. The Asus ProArt P16 laptop is one such highlight. It has an AMD Ryzen AI 9 HX 370 CPU, 32GB of memory, 1TB of SSD storage, and an Nvidia GeForce RTX 4060 GPU.

Read more