Popular Streaming Sites Secretly Mine Cryptocurrency

Uploaded on 2017-12-27 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Very popular video-streaming sites, some with nearly a billion monthly visitors, have been secretly using the resources from visitors’ devices to mine for the cryptocurrency Monero.

According to security experts at AdGuard, the four sites involved in the crypto-jacking schemes are Openload, Streamango, Rapidvideo and OnlineVideoConverter. Those sites are raking in outrageous amounts of money while visitors are busy streaming or converting videos.

“While analysing the first complaints, we came across several very popular websites that secretly use the resources of users' devices for cryptocurrency mining and were avoiding ad blockers so far,” AdGuard explained. 

“According to SimilarWeb, these four sites register 992 million visits monthly. And the total monthly earnings from crypto-jacking, taking into account the current Monero rate, can reach $326,000.”

Regarding the three video streaming sites, AdGuard said, “We doubt that all the owners of these sites are aware that the hidden mining has been built in to these players.”

Nevertheless, as visitors spend hours watching movies or TV shows, their devices’ CPUs are busy mining cryptocurrency for whomever added the mining scripts.

Crypto-jacking via Openload, Streamango, Rapidvideo and OnlineVideoConverter

AdGuard discovered two Openload domains secretly mining for Monero without users’ knowledge or consent. Openload, one of the most popular streaming sites, has an estimated 330 million visitors per month.  Videos from Openload are often embedded on other sites and, in many cases, the mining script loads when videos are launched. AdGuard estimated that the monthly earnings reach $95,000.

The crypto-jacking on Streamango starts when the embedded player is loaded. The site gets 42 million visits per month, and monthly mining earning could reach about $7,200. The mining script in the Streamango player is the exact same one being used on Openload.

Like the other two streaming sites, the Coin Hive mining code on Rapidvideo starts when loading the embedded player. The site gets an estimated 60 million visits per month, and estimated earnings, including Coin-Have’s commission, may reach an estimated $25,000.

OnlineVideoConverter, according to AdGuard, “holds the absolute record among crypto-jackers at the moment.” SimilarWeb data ranks the site as being the 119th most popular website in the world. 

It receives nearly 490 million visitors per month, almost twice the number of visitors of ThePirateBay, which was the first big site caught hijacking users’ CPU power to secretly mine Monero. Including Crypto-Loot’s commission, AdGuard estimated monthly mining earnings at $200,000.

ThePirateBay incident occurred in September. Since then, thousands of websites have turned to mining to supplement plummeting advertising revenues. Some sites added the mining scripts, while others were hacked to add the mining code.

CSO

YouMight Also Read: 

Bitcoin Developer Says Cryptocurrency Has Failed:

Mining Bitcoin Just Halved:
 

« Very Few Women Are CISOs
Iranian Hackers Have Infiltrated US Infrastructure »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Radisys

Radisys

Radisys offers software, products, integrated systems, and professional services for communication service providers and telecom solution vendors.

Fieldfisher

Fieldfisher

Fieldfisher's Technology, Outsourcing & Privacy Group has class-leading expertise in privacy, data & cybersecurity, digital media, big data, the cloud, mobile payments and mobile apps.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

Cyber Risk Policies

Cyber Risk Policies

CyberRiskPolicy.com is a joint venture between the Poindexter Surety Group of companies and Gibbs Cyber Security.

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security is a leading manufacturer of network security appliances for use in industrial environments.

Ambersail

Ambersail

Ambersail provide Penetration Testing and Cyber Security Compliance services.

Iceberg

Iceberg

Since 2016, Iceberg has redefined how businesses approach hiring in the Cybersecurity and eDiscovery space.

SEC Consult

SEC Consult

SEC Consult is a leading European consultancy for application security services and information security.

Sungard Availability Services (Sungard AS)

Sungard Availability Services (Sungard AS)

Sungard AS partners with customers around the globe to understand their unique business needs and provide production and recovery services tailored to their requirements.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

CyberSec.sk (CSSk)

CyberSec.sk (CSSk)

CyberSec.sk is the Slovak portal bringing the latest cyber security news, politics, tips and instructions on how to protect the internet.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

CloudSphere

CloudSphere

CloudSphere’s flagship Cloud Governance Platform enables enterprises and cloud service providers to simplify and optimize cloud migration, management, and governance.

Littlefish

Littlefish

Littlefish provide world-class, award-winning Managed IT and Cyber Security Services, delivered from our 24/7 UK service centres.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.