Web based crypto-coin mining is a relatively new technology and allows people surfing the internet to participate in the crypto economy by automatically mining coins while visiting specifically configured websites.
This can benefit the visitor and websites they frequent. Site owners can use these snippets of code to tap into a percentage of visitor’s system resources to mine a particular cryptocurrency coin which can supplement advertising revenue. It can happen seamlessly in the background and then ceases when the viewer leaves the site. As long as the visitor is informed and okay with the process, then all is ethical. It is another way to support a favorite website without the need to directly donate money. Instead, visitors are donating system resources while on the site. This promotes sites to have better and more engaging content to keep customers parked for longer periods of time. Well-funded sites can then pare back on obtrusive advertising and annoying pop-ups, making the overall experience better for everyone.
There is dark side to web mining. Cybercriminals have been using similar technology to hijack websites or install malware that runs constantly in the background of a victim’s computer, to mine coins for their benefit. This is done without the consent of the system owner and is referred as Crypto-coin Mining Malware. It is a growing problem, with the latest metrics showing an annual increase of 1189% for this type of malicious code. In some cases, criminals are switching from ransomware to crypto-coin mining attacks. Some websites are also employing this tactic in an unethical manner, by not notifying the user they are consuming their system resources while on their site.
As with all technology, it can be used for good or harm. I have been exploring both sides of this space and found for the virtuous use, it really comes down to user-experience, informed consent, and if all parties receive a benefit. The control must be placed in the hands of the users whose resources are being consumed. The overall system impact must not be overly burdensome, so as to degrade the user’s experience.
Cybercriminals don’t care about mutual benefits or end-user experiences. They are writing code to be persistent, stealthy, and funnel all the proceeds to their wallets. It is big business, with the most popular mined currency being Monero, due to its strong privacy features. Cybersecurity professionals are seeing more advances and deeper penetration for these methods.
In addition to keeping up with what the criminals are pushing I am also branching out to look at innovation for good. Could such web mining technology help sites like Wikipedia remain up as a viable resource to all? How about non-profit organizations who want to expand how people can contribute? Could this be the catalyst to end the dreaded us of pop-up advertisements? The possibilities for great benefits exist.
I will be trying out several platforms and keeping a close eye on advancements cybercriminals are making, as I explore both the benevolent and malevolent side of web crypto-mining. Be sure to follow me to keep up with my latest findings and tools.