A number of popular video streaming and ripping services are secretly running cryptocurrency mining operations with the borrowed power of visitor systems.
On Wednesday, researchers from AdGuard said stealth mining for cryptocurrency such as Monero is becoming ever more popular. With high-traffic websites attempting to cash in on the trend, up to one billion visitors may have been included without their knowledge in recent months.
While ad-blockers can stop cryptocurrency mining from working, many users are still at risk. CoinHive is a popular way to mine cryptocurrency using the computing power of visitor systems, and while some vendors are exploring the idea as an alternative to advertisements, it should not take place without user consent.
AdGuard says the use of this kind of software combined with secrecy, dubbed "cryptojacking," is in full swing on video streaming and ripper websites including openload, Streamango, Rapidvideo, and OnlineVideoConverter.
In each case, users were not told cryptocurrency mining was taking place, the script was placed where users spend a lot of time, and three out of the four sites, which provide media players embedded on third-party websites, have the code embedded in the same place.
"We doubt that all the owners of these sites are aware that the hidden mining has been built into these players," the researchers note.
SimilarWeb statistics suggest there are 992 million visitors to these websites per month. AdGuard estimates that should each visit result in successful cryptojacking, these four websites could generate over $320,000 a month.
One project in particular also caught the researchers' attention. The CoinHive Stratum Proxy provides instructions on how websites using cryptojackers can circumvent ad blockers, and this script is being downloaded thousands of times per day.
"The popularity of cryptojacking has grown with alarming speed. Just think about it; we are talking about billions of visits, and it has been just a few months since this problem first appeared," AdGuard concludes. "It's like an epidemic, and it is unclear when it will stop or even slow down."
Back in October, torrent search website The Pirate Bay came under fire for piloting a cryptocurrency mining scheme without user consent. Users worried that malvertising may be at play, but the website's operators said it was an experiment to see whether cryptocurrency mining could provide the revenue required to run The Pirate Bay without adverts.
It is estimated that The Pirate Bay could potentially make over $12,000 per month from cryptocurrency mining.
Last month, researchers discovered a new upgrade of the Quant Trojan which specializes in stealing cryptocurrency from offline wallets. Quant distributes the Locky ransomware and Pony malware but has new modular additions which allow cyberattackers to raid victim wallets.
ZDNet has reached out to the companies named and will update if we hear back.