MyBroadband discovered the script on the site when it visited on 1 June 2018.
It uses the processing power of visitors’ CPUs to mine cryptocurrency to an untraceable Monero wallet without their consent.
Nowhere on the website was there a request for consent to the mining, which is a sign the website was “cryptojacked”.
This hijacking of users’ processing power to mine cryptocurrency can often be detected by searching the page HTML for a script with the “Coinhive” label.
Users can also detect cryptojacking by monitoring their CPU usage when visiting infected websites.
A screenshot of the Afro Voice website with the mining script highlighted is below.
The script we discovered was mining to an anonymous Monero wallet using the site key “RNhZd03mTONOmkaz6Gwp2GqVotJi4ACM”, with the user reference labelled “john doe”.
This site key was likely set up by the attacker who infected Afro Voice’s website.
The Coinhive script was not restricted and attempted to use as much of the user’s CPU processing power as possible in the background.
This can lead to dramatic slowdowns across a user’s entire PC.
When MyBroadband visited the Afro Voice website, the CPU usage of our PC rose to between 95% and 100%, and we experienced heavy lag across all applications.
Users can protect themselves from these cryptojacking scripts by using browser extensions such as NoCoin and Minerblock.
MyBroadband alerted Afro Voice to the issue and gave it time to remove the script before publishing this article.
Afro Voice told MyBroadband the script “has been detected and removed by the web developer and IT technical team”.
It said the security of its site is being intensified and improved to prevent a scenario like this from happening in the future.
Coinhive and consent
The Coinhive script used on the Afro Voice website mines cryptocurrency without the user’s permission, and to the extent that their system is impeded.
This is simple to implement: someone with access to the website backend only has to copy and paste a few lines referencing the script, including the website key they received when signing up with Coinhive.
While it is often used for malicious purposes and without a visitor’s consent, Coinhive can be implemented in a way which aids both the website owner and visitor.
A version of the Coinhive mining script called AuthedMine can be loaded from a separate domain, and it enforces a mandatory opt-in request before mining.
The script can also be edited to reduce the amount of stress placed on a visitor’s CPU.
Combining these solutions can provide website owners with a way to monetise their traffic, while visitors retain decent CPU usage levels and gain access to the website’s content.
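As an added example (not part of the original article), the HTML search described above can be automated so that a site owner can check their own pages: the scanner below flags Coinhive and AuthedMine script tags, reports whether the loader is the opt-in variant, and notes whether the miner is throttled. The script host names, the CoinHive constructor form and the throttle option are assumed from Coinhive's published embed snippet and do not appear in the article; the sample page and its site key are constructed placeholders.

```python
import re
from html.parser import HTMLParser

LOADER_RE = re.compile(r"coinhive|authedmine", re.I)
# Constructor and option names are assumed from Coinhive's published embed snippet.
CTOR_RE = re.compile(r"CoinHive\.(?:Anonymous|User)\(\s*['\"]([^'\"]+)['\"]", re.I)
THROTTLE_RE = re.compile(r"throttle\s*:\s*([0-9]*\.?[0-9]+)")

class MinerScan(HTMLParser):
    """Collect miner loader tags and inline miner start-up code from one page."""
    def __init__(self):
        super().__init__()
        self.buf = None          # inline script text being collected, else None
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self.buf = []
        src = dict(attrs).get("src") or ""
        if LOADER_RE.search(src):
            opt_in = "authedmine" in src.lower()   # AuthedMine asks for consent
            self.findings.append({"kind": "loader", "src": src, "opt_in": opt_in})

    def handle_data(self, data):
        if self.buf is not None:
            self.buf.append(data)

    def handle_endtag(self, tag):
        if tag != "script" or self.buf is None:
            return
        code, self.buf = "".join(self.buf), None
        for key in CTOR_RE.findall(code):
            t = THROTTLE_RE.search(code)
            throttle = float(t.group(1)) if t else 0.0   # assumed default: none
            self.findings.append({"kind": "miner", "site_key": key,
                                  "throttle": throttle, "unrestricted": throttle == 0.0})

def scan(html):
    parser = MinerScan()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; the site key is a placeholder.
SAMPLE = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.User('EXAMPLE_SITE_KEY', 'john doe'); m.start();</script>
</head><body><script src="/js/site.js"></script></body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A loader finding with opt_in set to False together with an unrestricted miner matches the pattern the article describes; a miner injected at runtime by another script will not appear in static HTML, which is why watching CPU usage remains a useful second check.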