Later on, when I analysed the various URLs that were injecting Coinhive, there was (anecdotally) a strong presence of Russian and Chinese websites. I'm loath to draw stereotypical conclusions about the association of hackers to Russia and China, but it's a bit inescapable here. Just for context, Have I Been Pwned (which sees about 200k visitors per day) has a geographical distribution as follows:
But the number that really impressed me (if "impressed" is the right word here.) was the number of unique visitors per day:ĭaaaamn! More than 2 years after Coinhive was gone and the miner is still embedded in enough places to be serving more than 100k unique visitors per day. That's a substantial number of requests peaking at 3.63M in a day for a service that doesn't even exist anymore. And that's where things got a lot more interesting.įirstly, the high-level stats and as I was routing through Cloudflare, it was super easy to look at the volume of requests first: Every request resulted in a 404, but every request also went into a standard Azure App Service log. I stood up a website and just logged requests. 2020 got kinda busy and it was only very recently that I was finally able to come back to Coinhive.
#MP3 YOUTUBE DOWNLOADER FIREFOX ADDON FOR FREE#
I'm not sure how much the person who made these available to me wants to share so the only thing I'll say for now is that they were provided to me for free to do something useful with.
In May 2020, I obtained both the primary domain and a few other ancillary ones related to the service, for example which was used for their link shortener (which also caused browsers to mine Monero). However, it was still making requests to the domain but without the name resolving anywhere, the only signs of Coinhive being gone were errors in the browser's developer tools. Every site that had Coinhive running on it, either by the design of the site owner or at the whim of a cryptojacker, stopped mining Monero. (Also - "the company was making in an estimated $250,000 per month" - crikey!) The site disappeared and the domain stopped resolving. That's it, job done, instant crypto!Īnd then Coinhive was gone. And that's all an attacker needed to do - include the Coinhive JS, add their key and if they wished, toggle a few configurations. js file from and the setting of a 32-byte key.
#MP3 YOUTUBE DOWNLOADER FIREFOX ADDON CODE#
In that blog post I included the code Scott Helme had de-obfuscated which showed a very simple bit of JavaScript, really just the inclusion of a. I'll give you a perfect example of that last point: in Feb 2018 I wrote about The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries wherein someone had compromised a JS file on the Browsealoud service and injected the Coinhive script into it. The second problem is that due to the anonymous nature of cryptocurrency, every hacker and their dog wanted to put Coinhive on any sites they were able to run their own arbitrary JavaScript on. It might only be exploiting them a little bit (how much power can an in-browser JS cryptominer really draw?), but it still feels super shady.
They're paying for the CPU cycles to put money into your pocket - ingenious! But there were two massive problems with this and the first one is probably obvious: it's a sleazy business model that (usually unknowingly) exploits people's electricity bills for the personal gain of the site operator. sorry - visitors - browsers then whilst they're sitting there reading your content, you're harvesting Monero coin on their machine. So, instead of serving ads you put a JavaScript based cryptominer on your victi. I'll come back to that shortly, let's return to the business model of Coinhive: However, it's now owned by me and it's just sitting there doing pretty much nothing other than serving a little bit of JavaScript. That's a link to the last snapshotted version on because if you go to today, you'll see nothing. You know how people don't like ads? Yeah, me either (at least not the spammy tracky ones that invade both your privacy and your bandwidth), but I also like free content on the web and therein lies the rub how do content producers monetise their work if they can't put ads on pages? Well naturally, you "Monetize Your Business with Your Users' CPU Power" which was Coinhives's modus operandi. If, on the other hand, you're on this page because you're interested in reading about the illicit use of cryptomining on compromised websites and how through fortuitous circumstances, I now own and am doing something useful with it, read on. If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened.
0 kommentar(er)
