Are your favorite websites mining Bitcoin? Here's how to find out
Some websites might be using your CPU to mine cryptocurrencies like Bitcoin without your knowledge.
Mining of cryptocurrencies like Bitcoin can be lucrative. But there's a catch: it requires time and a lot of computing power. If you could somehow spread those computing demands out among hundreds — and sometimes even thousands or millions — of unknowing users, it would greatly reduce the cost and time of mining expensive coins.
As nefarious as that sounds, it's exactly what several websites were discovered to be doing by IT security company ESET in September last year.
Previously, criminals would go about hijacking someone else's computer to mine coins through a malicious program that was installed. But a more lightweight and less noticeable (at least from the user's perspective) way of doing it is by running a JavaScript file right from within the browser — no exploits or vulnerabilities needed. Instead of infecting the users' computers, websites are being infected with malicious ads. All that needs to happen for mining to begin is that a user needs to visit an infected website with JavaScript enabled.
What's the big deal with mining anyway?
Inherently, mining cryptocurrencies is not a bad thing. It's how transactions are processed. You can learn more about it in our cryptocurrency and blockchain explainer but, in short, when a cryptocurrency transaction is announced to a blockchain network, computers on that network begin solving complex mathematical puzzles to confirm the currency has not already been used. In exchange for the work, miners (people whose computers were used to process the transaction) are rewarded a small amount of cryptocurrency.
No big deal, right?
With some cryptocurrencies -- such as Monero -- mining is relatively fast and simple and doesn't need a specialized computer to process the transactions. On the other hand, Bitcoin is notoriously slow and complex to mine and requires tons of processing power to lift the heavy load.
If someone were to tax your home computer with this, the CPU usage would skyrocket, simple tasks would become painstakingly slow and the fans on your computer would kick into overdrive. And if you were using a laptop, the battery life would take a significant and noticeable hit.
Fortunately, when a website is tapping into your computer to mine cryptocurrency, it's not likely mining Bitcoin. Instead, it's likely mining a currency like Monero or Dash. And in order to lower the chances of being detected by both the user and ad blockers, it typically limits its impact on the CPU to under 50 percent.
None of that is to say it should be done without your knowledge. In many cases today, web developers and criminals are hijacking people's computers for profit. That's not OK.
Not all user-driven mining is bad either
Some websites offer suppressed ads if visitors agree to let them use their computer to mine coins instead.
Using the computing power of users to mine coin isn't always a plot to some diabolical plan, however. Coinhive, for example, is a readily available script that web developers can deploy to mine the cryptocurrency Monero. In some instances, such as on Salon.com, visitors can choose to suppress advertisements on the website if they agree to allow the company to use their unused central processing unit (or CPU, the brains of the computer and the component responsible for interpreting and executing commands) power to mine coins while they browse the site.
Not all websites are as transparent as Salon, however. Some websites can quietly use your CPU to mine cryptocurrency and you wouldn't know unless you went out of your way to find out.
How to know when a website is mining cryptocurrency
So with all of this happening in the background, how could you possibly know when your computer is being used for mining? The easiest way is to keep an eye on your CPU usage.
- In Windows, right-click the taskbar and select Task Manager. Open the Performance tab.
- In MacOS, open Activity Monitor by searching for it with Spotlight (pressing Command + Spacebar) or by going to Applications > Utilities > Activity Monitor. Once open, click the CPU tab. Total CPU usage in MacOS is the sum of system and user usages.
While it varies from computer to computer, a normal percentage for casual usage (browsing the web, taking notes, etc.) is generally 20 percent or less. If you see unexpected spikes in usage when you open an otherwise simple webpage, it's not an absolute given that mining is going on. But it should give you cause for concern and is a possible red flag and a sign that JavaScript is being used for more than you bargained for. Closing the tab should cause the CPU usage to drop.
If your CPU usage doesn't drop, it could also be the case that your computer has been infected with malicious software that is mining your computer in the background or you could have fallen victim to a "pop-under" window. Anti-malware software Malwarebytes warned of this back in November. Instead of running within the browser tab you already have open, a new window with the JavaScript is opened, but it's sized to fit and hide behind the clock in the Windows taskbar.
With a pop-under, closing the browser will not stop the mining, since a hidden tab will still be open. Instead, you will have to use Task Manager to completely quit the browser. If you notice a significant drop in CPU usage then, it's likely your computer was affected by a sneaky mining script.
How to stop sites from using your CPU to mine
As mentioned above, not all mining is bad, especially if a website is upfront about it. In fact, you may want to support a website with mining instead of viewing ads — it's a pretty fair trade-off.
But if you want better control over which sites can use your CPU to mine coins, make sure to read our guide.