Cryptojacking Has Gotten Out of Control

Cryptojacking, which exploded in popularity this fall, has an ostensibly worthy goal: Use an untapped resource to create an alternative revenue stream for games or media sites, and reduce reliance on ads. It works by embedding a JavaScript component in a website that can leverage a visiting device’s processing power to mine a cryptocurrency (usually Monero). Each visitor might only do a tiny bit of mining while they’re there, but every user lending some hash power over time can generate real money. And users might not even notice what’s happening. In theory, it can be a win-win. In practice, not so much.

As cryptojacking has spread around the web, largely thanks to the original “in-browser miner,” Coinhive, and its copycats, implementations generally don’t live up to those lofty aims. Instead, it’s used to exploit unknowing people’s resources (both their hardware and electric bills) and is increasingly blocked as malware by scanners and ad-blockers. And efforts to keep cryptojacking on the straight and narrow have largely fizzled.

Cryptojacking doesn’t require a download, starts instantly, and works efficiently. Making it even more insidious, hackers can sneak a mining component onto unsuspecting websites and pilfer cryptocurrency off of the legitimate site’s traffic. Illicit cryptojacking software has plagued unsuspecting sites like Politifact and Showtime. In one especially glaring incident from early December, a customer using the public Wi-Fi at a Buenos Aires Starbucks discovered that someone had manipulated the Wi-Fi system, delaying the connection in order to mine Monero with shoppers’ devices.

Despite those high-profile sneak attacks, researchers say that most cryptojacking is intentional, and that the practice is evolving in concerning ways.

