Popular Streaming Sites Secretly Mine Cryptocurrency

Uploaded on 2017-12-27 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Very popular video-streaming sites, some with nearly a billion monthly visitors, have been secretly using the resources from visitors’ devices to mine for the cryptocurrency Monero.

According to security experts at AdGuard, the four sites involved in the crypto-jacking schemes are Openload, Streamango, Rapidvideo and OnlineVideoConverter. Those sites are raking in outrageous amounts of money while visitors are busy streaming or converting videos.

“While analysing the first complaints, we came across several very popular websites that secretly use the resources of users' devices for cryptocurrency mining and were avoiding ad blockers so far,” AdGuard explained. 

“According to SimilarWeb, these four sites register 992 million visits monthly. And the total monthly earnings from crypto-jacking, taking into account the current Monero rate, can reach $326,000.”

Regarding the three video streaming sites, AdGuard said, “We doubt that all the owners of these sites are aware that the hidden mining has been built in to these players.”

Nevertheless, as visitors spend hours watching movies or TV shows, their devices’ CPUs are busy mining cryptocurrency for whomever added the mining scripts.

Crypto-jacking via Openload, Streamango, Rapidvideo and OnlineVideoConverter

AdGuard discovered two Openload domains secretly mining for Monero without users’ knowledge or consent. Openload, one of the most popular streaming sites, has an estimated 330 million visitors per month.  Videos from Openload are often embedded on other sites and, in many cases, the mining script loads when videos are launched. AdGuard estimated that the monthly earnings reach $95,000.

The crypto-jacking on Streamango starts when the embedded player is loaded. The site gets 42 million visits per month, and monthly mining earning could reach about $7,200. The mining script in the Streamango player is the exact same one being used on Openload.

Like the other two streaming sites, the Coin Hive mining code on Rapidvideo starts when loading the embedded player. The site gets an estimated 60 million visits per month, and estimated earnings, including Coin-Have’s commission, may reach an estimated $25,000.

OnlineVideoConverter, according to AdGuard, “holds the absolute record among crypto-jackers at the moment.” SimilarWeb data ranks the site as being the 119th most popular website in the world. 

It receives nearly 490 million visitors per month, almost twice the number of visitors of ThePirateBay, which was the first big site caught hijacking users’ CPU power to secretly mine Monero. Including Crypto-Loot’s commission, AdGuard estimated monthly mining earnings at $200,000.

ThePirateBay incident occurred in September. Since then, thousands of websites have turned to mining to supplement plummeting advertising revenues. Some sites added the mining scripts, while others were hacked to add the mining code.

CSO

YouMight Also Read: 

Bitcoin Developer Says Cryptocurrency Has Failed:

Mining Bitcoin Just Halved:
 

« Very Few Women Are CISOs
Iranian Hackers Have Infiltrated US Infrastructure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Maryville Online - Cybersecurity Program

Maryville Online - Cybersecurity Program

The Cybersecurity Program at Maryville Online is designed to help students reach opportunities in cybersecurity leadership and management through an entirely online curriculum.

Deutsche Cyber-Sicherheitsorganisation (DCSO)

Deutsche Cyber-Sicherheitsorganisation (DCSO)

DCSO was founded in 2015 with the aim of counteracting the threats posed by globally organized cybercrime and state-controlled industrial espionage.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

Learning Tree International

Learning Tree International

Learning Tree's comprehensive cyber security training curriculum includes specialised IT security training and general cyber security courses for all levels of your organisation including the C-suite.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Forum of Incident Response & Security Teams (FIRST)

Forum of Incident Response & Security Teams (FIRST)

FIRST is the global Forum of Incident Response and Security Teams.

HSB

HSB

HSB offers insurance for equipment breakdown, cyber risk, data breach, identity recovery & employment practices liability.

US Cyber Range

US Cyber Range

US Cyber Range is a scalable, cloud-hosted infrastructure providing students with virtual environments for realistic, hands-on cybersecurity labs and exercises.

Raqmiyat

Raqmiyat

Raqmiyat provides end-to-end IT Services and business solutions including consultancy, digital transformation, infrastructure and cybersecurity.

Critical Start

Critical Start

Critical Start provides Managed Detection and Response services, endpoint security, threat intelligence, penetration testing, risk assessments, and incident response.

CyberScotland

CyberScotland

The CyberScotland Partnership is a collaboration of key strategic stakeholders, brought together to focus efforts on improving cyber resilience across Scotland in a coordinated and coherent way.

Cufflink

Cufflink

Cufflink makes your business more secure, compliant and trusted. We limit the likelihood and impact of a data breach by controlling exactly what can and can't be done with personal data.

Antigen Security

Antigen Security

Antigen Security is a Digital Forensics, Incident Response and Recovery Engineering firm helping businesses and service providers prepare for, respond to, and recover from cyber threats.

Open Source Security Foundation (OpenSSF)

Open Source Security Foundation (OpenSSF)

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.