Report claims ecommerce sites are hijacking visitor CPUs to mine digital coins

CoinHive
Several months ago, reports surfaced claiming that CBS-owned Showtime was allegedly accessing the processors of PCs visiting two of its websites to secretly mine virtual coins. The process is called “cryptojacking,” and relies on code embedded in a website that silently runs mining software within the visitor’s browser. It’s a growing problem, and a recent report indicates that it’s even spreading across legitimate ecommerce sites, generating virtual money in the background while you spend real-world cash.

The growing practice of mining virtual coins within a visitor’s browser stems from a new JavaScript kit called CoinHive. There’s nothing malicious about this software, as it’s specifically designed to mine virtual coins within a web browser using the visitor’s processor. It’s meant to be an alternative payment method for visitors: mine coins for the site in return for free downloads, ad-free video streaming, in-game items, and so on.

But in a report provided by independent security researcher Willem de Groot, he found at least 2,496 online stores running CoinHive in the background. Even more, 80 percent of these online shops were likely not running the mining software on purpose, as he discovered they were also infected with malware that steals payment information during transactions, also known as “payment skimming.”

Groot also notes that out of the 2,496 infected ecommerce sites, 85 percent were linked to a mere two CoinHive accounts, and the remaining 15 percent were connected to multiple unique accounts linked to the ecommerce companies. Groot believes that the bulk of the infected sites are running outdated ecommerce software with well-known software vulnerabilities, enabling hackers to inject these sites with CoinHive and payment skimming malware.

At the time of this post, one “infected” website was Subaru’s online shop in Australia. Sure enough, when we visited the site, the tab in Google’s Chrome browser began using 45 percent of our CPU, waking up the chip’s cooling fan. Once we exited the page, the tab’s CPU usage dropped back down to near zero, and the fan went quiet. We didn’t find any reference to CoinHive in the site’s source code, but rather a hidden “iframe” that loads up a page labeled “Apache2 Debian Default Page.” The CoinHive JavaScript resides towards the end of the page’s code so it’s not blatantly visible on Subaru’s website.

CoinHive

There’s also something definitely going on at Musicas.cc. When we visited the site, the Chrome browser tab shot up to nearly 90 percent of CPU usage. We also found the CoinHive JavaScript listed at the end of the page’s source code, verifying that it is indeed mining virtual coins in the background without any warning on the site’s main page.

“Some sites bluntly include the official coinhive.js file, others are more stealthy,” he reports. “Others disguise as Sucuri Firewall.”

To prevent sites from hijacking your processor for digital coin mining, you can use stand-alone software with a built-in ad-blocker, or install a similar plugin within the browser. Another method is to edit the “hosts” file located in the “windows\system32\drivers\etc” directory with Notepad to add “coin-hive.com” and “coinhive.com” on the blocked list.

Computing

Mining cryptocurrency for Razer Silver isn’t worth your computing power

Gaming peripheral maker Razer launched a cryptocurrency mining scheme called SoftMiner. You use its software to mine and in return, you get Razer Silver which you can use to buy Razer gear.
Computing

Here’s how to install Windows on a Chromebook

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so, just in case you're looking to nab some Windows-only…
Business

How to start your online business in 6 simple steps

Making the right choices now can greatly impact your success down the line, and the last thing you want to do is spend your energy revisiting old decisions instead of growing your company.
Computing

If you've lost a software key, these handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.
Computing

Heal your wrist aches and pains with one of these top ergonomic mice

If you have a growing ache in your wrist, it might be worth considering changing up your mouse for something ergonomic. But which is the best ergonomic mouse for you? One of these could be the ticket to the right purchase for you.
Computing

Nvidia’s Jetson AGX Xavier module is designed to give robots better brains

Nvidia's pricey Jetson AGX Xavier might help drive the next generation of smart robots. Nvidia hopes that developers will use its new Xavier module to power AI-driven machines like delivery drones and robots used in manufacturing.
Computing

Leaked AMD Ryzen 3000 mobile benchmarks look fit for thin, low-power laptops

AMD is poised to give Intel a run for its money in the ultra-low-power processor space for laptops. Leaked benchmarks for the Ryzen 3000 APU series show the AMD processor besting Intel's Core i7 Y series in multicore performance.
Computing

These Windows 10 keyboard shortcuts will update your OG Windows skills

Windows 10 has many new features, and they come flanked with useful new keyboard shortcuts. Check out some of the new Windows 10 keyboard shortcuts to improve your user experience and save more time!
Mobile

Apple is spending $1 billion to hire up to 15,000 new employees in Austin

Apple has announced a series of expansions across the U.S. -- including a massive expansion to the company's Austin campus that will see it spending $1 billion to accommodate for up to 15,000 new employees.
Computing

Will Windows 95 be reimagined? Microsoft’s tweet hints at a throwback

The classic Windows operating system may just be getting a reboot of its own. Microsoft tweeted a cryptic message involving the Windows 95 logo and saying that it had a special announcement for its customers today.
Computing

Microsoft Surface Pro 6: Everything you need to know

The Surface Pro 6 is officially here, though it's not as big of a redesign as you might have hoped. With a new coat of black paint and an 8th-gen processor, this is a small update. If you've been eyeing a Surface Pro, you may want to wait…
Computing

Style up your MacBook Air with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers and padded sleeves priced from $7 to $130. Happy shopping!
Computing

Want to make one hard drive act like two? Here's how to partition in Windows

If you don't want all of your files stored in one place but only have one drive to work with, partitioning is your best way forward. Here's how to partition a hard drive in Windows 10, step by step.
Mobile

Leave the laptop at home, the iPad Pro is the travel buddy to take on vacay

The iPad Pro is a powerful tablet that's perfect for creatives and professionals. How does it fare when traveling with it as a laptop replacement? We took it on a two week trek in Japan to find out.