The creators of the crypto miner Coinhive did not expect such a popularity of their development among intruders

About Coinhive cryptiner, which can be embedded in websites and applications, heard many of the readers Geektimes. In fact, it is difficult not to hear about him - in fact, almost all recent crypto-attacks were implemented with only one purpose - to mine as much as possible of Monero cryptocurrency. The main tool for this purpose is the crypto miner.

Recently on Geektimes news was published that malefactors cracked a plug-in reading the text from the screen, popular among users of a PC with poor eyesight. The code of the plugin was inserted cryptomineer code. Well, since the plugin itself is very popular, as a result, thousands of sites, both public and private, were infected.

In addition to this case, there are many others, some of which are known, some - not. The creators of the Coinhive project say that they could not even think that their development will become so popular in such a short time. "We were amazed at such a rapid distribution of the code," says one of the team representatives. “While working on the project, we were rather naive because we did not believe that the miner would be used by cybercriminals. We wanted our code to be used by site owners, used openly, warning users about mining cryptocurrency. But what happened over the past few weeks with Coinhive is unspeakably strange. ”

As far as you can understand, the miner keeps records of everything that was extracted with its help. The developers said that using the Coinhive code, cryptocurrency was mined for about several million US dollars. About 70% of the mined went to users wallets. By the way, the recent campaign, which was reported on the GT, brought the attackers who infected thousands of sites, only 0.1 Monero, or $ 24 at the current rate. Even this money was not paid to intruders. The code, by the way, works not only on the site, it has been implemented in a number of Android applications.

“Our users usually use the miner quite legally. They warn users of their resources and applications about mining, and in return give them some rewards, ”says one of the system developers.

Coinhive was launched in September and promoted as a tool for quite legal (and not so much, moreover) earnings for webmasters. It was assumed that instead of placing ads on their resources, their creators would use the miner code. In addition, a similar method was offered to mobile application developers. They could use code instead of advertisements, giving users who allowed mining some bonuses and in-game buns. Naturally, in all these cases it was assumed that the one who uses the code will warn those whose gadgets are involved in the mining process.



“We believed that intra-browser or in-game mining could be a worthy alternative to micropayments or traditional advertising. If a user spends the resources of his PC and electricity for mining, he is entitled to rely on some bonuses, ”the team says.

And really, at first everything went as expected by the developers. Wordpress-blogs, game resources, forums, porn sites began to introduce Coinhive code. At the same time, developers do not track the "place of work" of their code.

In order to start using Coinhive, the webmaster needs to connect the system API. The team has a clear policy of working with offenders, so if the fact of unauthorized use of the code was detected, then its user was banned and the code on the site became inoperable. True, it is quite simple to get around this limitation - you need to copy the Javascript miner, substitute the necessary data and - you can work.

So far, the creators of Coinhive do not know what to do with a huge number of attackers who misuse the code. Most likely, nothing can be done with them. “A cryptoverm will most likely last for a while. At least, until the increasing complexity of mining makes the work in the browser useless for the miner, ”the developers report.

They themselves are upset that many users consider their development a virus. The network is full of articles on the topic "How to remove the Coinhive virus from the pages of your site." The authors of the project believe that their reputation is simply destroyed, and the project’s reputation below has nowhere to fall, because the mining script is considered by many to be a virus - both individual users and some anti-virus companies.

Anyway, the team continues to work and develop its product.