Browser Mining Spreading Rapidly, 500 Million Computers Affected


In September, users of The Pirate Bay discovered that the popular torrent site was running Coinhive, a JavaScript miner that mines Monero (XMR) on visitors’ computers. The incident brought to light the use of such scripts, which are spreading globally across the web. Although not as malicious as traditional malware, these mining scripts use a computer’s CPU without the owner’s consent, a practice that has been termed “cryptojacking.”

The proliferation of mining scripts has been rapid. Thousands of websites are now believed to be running them, with an estimated five hundred million web-connected computers impacted. In addition to The Pirate Bay, Coinhive has been found on, and websites of the Showtime television network. All known scripts mine Monero, and use a computer’s CPU while a specific web page is open. Most users are unaware that their computer is being used for mining, as the scripts run in the background and give no indication of their presence.

For its part, Coinhive does not consider its scripts unethical. It openly advertises them as a means for website operators to earn revenue without running ads. However, Coinhive has also updated its script to require opt-in from the site visitor before mining begins, to avoid webmasters running the script without the user’s permission. The Coinhive team asserts, perhaps correctly, that many website visitors would agree to browser mining in exchange for an ad-free experience.

There should be no debate, however, that these scripts have the potential to do harm. By increasing CPU usage, they slow performance and can cause crashes, especially if multiple mining websites are open. They also increase electricity usage, which could be costly if a website were open for significant periods of time. As should be expected, mining scripts are more likely to be found on websites that are designed to remain open, such as streaming and video sites.

Not surprisingly, a number of competing scripts have emerged, such as JSEcoin and crypto-loot, which currently make no attempt to alert the site visitor of their CPU usage. Also, malware developers are quickly embracing these scripts. Even a Chrome extension was recently found to have an embedded Coinhive script, which would have mined Monero any time Chrome with this extension was running. Also, some adware and malware browser redirects are sending users to websites running stealth mining scripts.

To protect users, a number of options have emerged. AdBlock Plus and AdGuard both block Coinhive, as do the Chrome extensions AntiMiner, No Coin, and minerBlock. However, as is the case with traditional malware, developers are expected to revise their scripts and employ other masking techniques to work around blockers. If technology is to be used to stop cryptojacking, it will likely need to be natively built into browsers.

It is reasonable to assume that mining scripts could be used ethically, which would require transparency and user consent. It is even possible that browser mining could one day replace advertising as the most common source of website revenue and help struggling sites to maintain themselves. For now, their rapid spread is cause for concern, as they are misused to exploit millions of unsuspecting web surfers.