We've been tracking cryptocurrency mining activity here at the Cyren Security Lab and have confirmed a massive run-up in the number of web sites hosting "cryptomining" scripts globally. Based on the monitoring of a sample of 500,000 sites, we've found a 725% increase in the number of domains running scripts on one or more pages -- knowingly or not -- in the four-month period from last September to January 2018.
Rate of Growth Accelerating
After a 3x jump in October, the number of new mining sites plateaued in November, but then nearly doubled in December and again in January. So half the total run-up since September was concentrated in the last two months, suggesting the rate of spread of cryptomining is accelerating -- a trend we will continue to monitor. The data tells us that, as of January, 1.4% of web sites in the monitoring sample were running mining scripts.
Given the meteoric rise in cryptocurrency values during the last few months, the jump in activity to produce cryptocurrencies is not surprising. Monero, the main currency used by cryptomining scripts, has increased by almost 250% in value during the same period, stoking interest. Monero bills itself as a “secure, private, and untraceable cryptocurrency,” employing a technology that makes it virtually impossible to track transactions to any individual or IP address -- which explains why it's currently the currency of choice for cryptomining.
In any event, our findings do confirm everyone's assumptions and quantify the phenomenal spread of mining scripts, which we first wrote about last October (see Malware Goes Currency Mining with Your CPU).
How Do Businesses Protect Themselves
Cyren blocks Coinhive miners as JS/CoinHive.A!Eldorado and JS/CoinHive.B!Eldorado.
For a primer on the current state of cryptomining as it relates to IT security, register for Cyren's upcoming webinar "The Top 5 Downsides and Dangers of Cryptomining" on April 5th.