Malware that surreptitiously mines cryptocurrency while you browse the web is big news right now – literally in the case of news outlet Salon, which has enabled it as an opt-in feature. One thing that it certainly isn’t, though, is big business. Every other day, media outlets seem to be running stories about the latest cryptojacking scams. While these tales are mostly true, the extent of the problem has been vastly overstated. Smart criminals aren’t covertly crypto mining in-browser, not because they’re incapable of doing so, but because even at scale it simply isn’t profitable.
Last weekend, it emerged that the Browse Aloud web browser plugin had been hijacked, causing it to covertly mine cryptocurrency on around 5,000 computers. Among those affected were systems used by a number of British government bodies including the National Health Service and a student loans company. At the time, a spokesperson for the UK’s National Cyber Security Centre said: “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency…Government websites will continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”
Naturally members of the public weren’t at risk – in any sense of the word. The only real side effects of having your browsing session cryptojacked are perhaps a slowdown in computing performance and the device heating up. The majority of web users wouldn’t even be aware that anything was amiss. While relatively benign, as cyber attacks go, mining malware is still an inconvenience that no web user would reasonably be expected to tolerate…except for instances where that was the price of access. Salon sparked headlines this week after unveiling plans to do just that as a means of monetizing its news site.
Mining for Kernels of Truth
Media organizations are constantly seeking new ways of monetizing their sites. In an era of ad blockers and diminishing attention spans, generating any sort of payment per click is an achievement. The notion of web users mining monero – an anonymous cryptocurrency synonymous with the deep web and its wares – in order to fund a mainstream news site is an amusing one. It’s also an illogical one, on many levels. According to estimates provided by Coinhive, the software used by Salon as well as by the criminals in last weekend’s UK-wide cyberjacking scam, the return to be made on browser mining is pitiful.
One million visitors spending five minutes on a website would result in a total of $64 of monero being mined. The 5,000 UK government machines that were infected using Coinhive netted a paltry $24 in monero. Browser mining cryptocurrency, be it on a permissioned or permissionless basis, is unprofitable. If you’re going to bend the rules to mine crypto, you need access to a government supercomputer and the skills to avoid getting caught. Otherwise, the juice simply isn’t worth the squeeze.
Would you consent to having your computer mine cryptocurrency instead of being served adverts? Let us know in the comments section below.
Images courtesy of Shutterstock.