Cogito ergo sum

How dev-books.com turns your computer into a Cryptocurrency miner

A couple of months ago I saw a topic on Hacker News called The most mentioned books on Stack Overflow Link . I was really happy to see the website and I thought I could use it later once I need a book. Today I wanted to search for couple of books about Artificial Intelligence and Image Processing topics because of a potential graduation internship which I have to do in 2018. I opened the website using Google Chrome on my laptop which runs Ubuntu 16.04. A couple of seconds later I heard a loud noise coming out of my laptop. It felt like if I was playing a game on it, I hear the same usually when I play Counter Strike Global Offensive :P, I have an old laptop (almost 5 years old). The noise became harder and the fans of my laptops began to make really very strange sounds which I hadn’t ever heard before.

Not only dev-books[dot]com was open, I had a lot of tabs open at the same time (typical xD), so I didn’t know which tab was causing the noise. I started closing the tabs and after closing each tab I was waiting for 10 seconds before I close the next tab. After closing the tab of dev-books the fans of the cpu became calmer and the noise started to vanish and after 20 seconds everything was quiet again.

Evidence

Screenshots

I have decided to take screenshots for my ‘System Monitor’ on Ubuntu in three situations: 1)Normal situation when dev-books isn’t open, 2)immediately after opening the tab in Google Chrome with dev-books and 3)10 seconds after opening the tab on Google Chrome with dev-tabs

  1. SystemMonitor-Ubuntu
    System Monitor in a normal situation. dev-books isn’t open
  2. SystemMonitor-Ubuntu
    System Monitor after opening dev-books in a new tab in Google chrome
  3. SystemMonitor-Ubuntu
    System Monitor 10 seconds after opening dev-books in a new tab in Google Chrome

    If you notice that by looking to third image that the all my cpu’s are working at 100% which is really insane and unbelievable.

Used code for mining purposes

I decided to look into the source code of the dev-books using my biggest friend ‘F12’ aka ‘Chrome DevTools’. I opened the dev-books.com and I went directly to the tab ‘Sources’ and went to the ‘js’ folder and I found the following file inside it ‘coinhive.min.js‘.

Chrome DevTools-Peshmerge.io
You can see which file I mean. Coinhive.min,js

And you can see the website uses all possible threads of your cpu using Web Workers:

Coinhive -peshmerge.io
Coinhive uses all possible threads of the CPU

With a small research on Google I came across this site coinhive[dot]com which it seems to be an official site for turning the computers of website visitors to minors. Their slogan is:

A Crypto Miner for your Website

I was like: WTF

Yes, it’s. It’s a Javascript library that turns your website into a miner, that means, me and you when we visit the site, the cpu of our computers will work fully for the site owner!!

Final thoughts

I consider these action as illegal because it happens without a consent of us (website visitors). The website didn’t ask its users for permission to use their computers as miners. I couldn’t find on the website any reference to my findings. The site only mentions in the footer that it uses Amazon Service LLC Associates Program.

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

I can understand you may need money for hosting your site, but please be honest about it. Moreover, don’t be so stupid and don’t use all possible threads on your visitor’s computer because it sucks and it easy to detect. If dev-books used only 2 threads, I think I wouldn’t notice that it was using my computer as a miner.

About the author

Peshmerge Morad

A IT-student and a programmer based in the Netherlands whose interests span multiple fields.

Add comment

By Peshmerge Morad
Cogito ergo sum

Privacy Preference Center