Popular streaming sites secretly mine cryptocurrency while you watch free movies

AdGuard discovered crypto-jacking schemes at Openload, Streamango, Rapidvideo and OnlineVideoConverter, affecting nearly 1 billion users per month.

Tremendously popular video-streaming sites, with nearly a billion monthly visitors, have been secretly using the resources from visitors’ devices to mine for the cryptocurrency Monero.

According to security experts at AdGuard, the four sites involved in the crypto-jacking schemes are Openload, Streamango, Rapidvideo and OnlineVideoConverter. Those sites are raking in outrageous amounts of money while visitors are busy streaming or converting videos.

“While analyzing the first complaints, we came across several VERY popular websites that secretly use the resources of users' devices for cryptocurrency mining and were avoiding ad blockers so far,” AdGuard explained. “According to SimilarWeb, these four sites register 992 million visits monthly. And the total monthly earnings from crypto-jacking, taking into account the current Monero rate, can reach $326,000.”

Regarding the three video streaming sites, AdGuard said, “We doubt that all the owners of these sites are aware that the hidden mining has been built in to these players.”

Nevertheless, as visitors spend hours watching movies or TV shows, their devices’ CPUs are busy mining cryptocurrency for whoever added the mining scripts.

Crypto-jacking via Openload, Streamango, Rapidvideo and OnlineVideoConverter

AdGuard discovered two Openload domains secretly mining for Monero without users’ knowledge or consent. Openload, one of the most popular streaming sites, has an estimated 330 million visitors per month. Videos from Openload are often embedded on other sites and, in many cases, the mining script loads when videos are launched. AdGuard estimated that the monthly earnings reach $95,000.

The crypto-jacking on Streamango starts when the embedded player is loaded. The site gets 42 million visits per month, and monthly mining earnings could reach about $7,200. The mining script in the Streamango player is exactly the same one used on Openload.

As on the other two streaming sites, the Coinhive mining code on Rapidvideo starts when the embedded player loads. The site gets an estimated 60 million visits per month, and earnings, including Coinhive’s commission, may reach an estimated $25,000.

OnlineVideoConverter, according to AdGuard, “holds the absolute record among crypto-jackers at the moment.” SimilarWeb data ranks the site as being the 119th most popular website in the world. It receives nearly 490 million visitors per month — almost twice the number of visitors of ThePirateBay, which was the first big site caught hijacking users’ CPU power to secretly mine Monero. Including Crypto-Loot’s commission, AdGuard estimated monthly mining earnings at $200,000!

ThePirateBay incident occurred in September. Since then, thousands of websites have turned to mining to supplement plummeting advertising revenues. Some sites added the mining scripts, while others were hacked to add the mining code.

AdGuard added:

The popularity of crypto-jacking has grown with alarming speed. Just think about it; we are talking about billions of visits, and it has been just a few months since this problem first appeared. It's like an epidemic, and it is unclear when it will stop or even slow down.

At the moment, the only real solution is to use an ad blocker, an antivirus or one of the specialized extensions to combat crypto-jacking. Unfortunately, not all users know about the problem or want to use such software. The only way to completely close the issue of browser-based mining is to implement security mechanisms at the browser level. For example, Chrome developers are now discussing the possibility of such a solution. We hope it will be implemented as soon as possible.
