Cryptojacking: pirates use our cpu for money


Pirate streaming mines currencies with our CPUs. A worrying reality emerges from a reader’s message on Facebook. Illegal streaming sites exploit the CPU of visitors to undermine cryptocurrencies, leaving them with energy costs.

Pirate mining on our pc

We only lacked the pirated streaming sites, which undermine cryptocurrencies exploiting our CPU in secret. Bizarre, but true.

From a report by an individual:

“[…] I wanted to inform you about the presence of the Coin Hive script for the mining also on the Wstream site, a well-known video streaming site (which I use for souls subbati, just to clarify!) Lately several try to monetize and if that Pirate Bay was a test this does not seem at all since the site in question already has a plentiful presence of ads.What are trying to figure out which is the most profitable of the two ?! Mmmmmm, posterity the hard sentence! for now I’m wide from Wstream, see the 100% CPU for a mere video seems a bit exaggerated, how to block a line to download a jpeg from a few kb, not in the era of 33.6k !!!! ”

I immediately became suspicious and activated to check the veracity of the report. I came to the conclusion, even having verified the truthfulness personally, that it is a real fact. I went to some streaming sites (which do not point to legal problems), and I verified that it is true. Even if the mining technique is not implemented in all the video streaming links, the fact happens and is real.

The analysis of the page code puts me on the right track, identifying a JavaScript that refers to the site Coin-Hive whose name, translated into Italian, means hive of coins. The alarm sounds peremptory !!

The Coin-Hive website leaves no doubt:

“Coinhive offers to JavaScript for the Monroe Blockchain that you can embed in your website Your users run the minerals in their browser and mine for free in-game experience, in-game currency or whatever incentives you can come up with. ”

Monero is not the best known of virtual coins, however, is worth $ 94 and has a total capitalization of 1.4 billion, numbers far removed from those of Bitcoin that today is worth $ 3,917 and capitalizes almost 65 billion but it is still a virtual currency spendable or convertible into money.

The mere presence of a JavaScript referable to Coin-Hive was not however sufficient to affirm with certainty that the anomaly found was due to an algorithm for mining. So I deepened the analysis using JavaScript Profiler , a Chrome tool designed for developers, which allows you to monitor and record the execution of the javascript present on a web page.

javascript control for mining

Javascript control results

A quick search on the internet was enough to find out that CryptoNight is a popular algorithm for the mining of different cryptocurrencies (Monero, Bytecoin, etc.), which exploits the processing capabilities of the processors. On the homepage it is possible to test the functioning of the algorithm that can be implemented in order to exploit all or only part of the processor’s resources (the threads). An empirical test has allowed us to establish the performance with an Intel Core i7-3770K overclocked to 4.6 GHz:

2 threads ~ 44 Hash per second
3 threads ~ 60 Hashes per second
4 threads ~ 72 Hash per second
5 threads ~ 80 Hashes per second
6 ~ 8 threads ~ 90 Hashes per second

The site has allowed us to calculate that 10 computers, working 24 hours a day, can generate revenues of 0.02 XMR or 1.59 euros. Considering a consumption of 200Wh per PC, it would not even be able to cover the costs of electricity. If someone else pays you, however, it’s all gain.

Even other sites do it

At this point we could have limited ourselves to discouraging the use of the site cb01. However, we have checked other popular streaming sites (high definition, eurostreaming, filmperutti, guardaserie, etc.) without experiencing anything anomalous … at least until you try to start streaming a program.

What we have discovered is an even more subtle implementation of the same JavaScript. Explained in a very simple way, when you open the link to a hosting site in reality you are not directed to the indicated site but to another that imitates the layout, even if rather coarsely.


One of the sites listed above, indicates among the providers available for a film but, by opening the link, you are directed to the page on the left. However, the real page is the right one and looking at them carefully, we notice that the layout is badly imitated.

Also in this case, as soon as you open the page the use of the processor rears and, in fact, the analysis with JavaScript Profiler shows the same results obtained with cb01. Finally, it seems that other streaming providers use the same JavaScript, but to confirm it, other controls are needed.

The solution of pirates mining

The problem is not Coin-Hive per se, a system that is legal and has potential for completely legitimate uses. For example, a site could use it to tile or replace advertising. Or you could make it a tool for cryptocurrency mining to be used for beneficial purposes. It would be a good thing to inform users instead of apologizing, which does not happen in the cases mentioned.

Therefore, the instrument must not be condemned, but the use made of it. With this article I wanted to inform you and help you protect yourself.

In this regard, it is worth pointing out that there are already specific tools that can block this specific JavaScript: Ublock for Google Chrome, AdBlock is working on it, then there is minerBlock, which I have not tested. The companies specialized in security are also moving: Malwarebytes informs us of a suspicious activity and the same applies to Vidoza. Probably, in the near future there will be others.

The answers are coming, and among them there is also that of the same Coin-Hive. The managers apologized via the company blog.

A comment completely appreciable, but the question remains open. Keeping a website, legal or not, has costs. And online advertising is not necessarily the only possible answer: indeed in recent years it is increasingly problematic. Could computing power “on loan” to users could be an alternative way?

Watch the following video:


Leave A Reply