Want CNET to notify you of price drops and the latest stories?

If you like deepfakes, you might be mining cryptocurrency

A website for fans of doctored videos used its visitors’ computers to mine Monero. It’s the latest way hackers can abuse your computer’s processing power.

Laura Hautala
Laura Hautala
Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read
The Monero symbol -- a white, angular letter em in a circle that is orange above the em and gray below. Using a script called Coinhive, a website for fans of deepfake videos mined cryptocurrency Monero on visitors' computers, researchers found.

Using a script called Coinhive, a website for fans of deepfake videos mined cryptocurrency Monero on visitors' computers, researchers found.

Your computer can do amazing things for you, but what can it do for hackers? Try this: make money.

That's what happened when web users navigated to a forum for fans of doctored videos, called deepfakes. According to researchers from Malwarebytes, code running on the website commandeered visitors' computers to mine Monero, a form of cryptocurrency, as long as the webpage was open on the browser.

It's sneaky, strange and possibly genius. "If they had enough traffic, that would absolutely generate a lot of profit," said Stephan Simon, a security researcher at Binary Defense Systems.

Just because this happened on a deepfakes forum, don't think this couldn't happen to you. Sure, the deepfakes phenomenon is all kinds of weird, involving fake celebrity videos that insert actor Nicolas Cage into movies he didn't star in, or any celebrity into porn scenes they never filmed. But hackers are trying to mine cryptocurrency on every kind of device, harnessing the computing power of regular people to cash in on the bonanza of blockchain-driven digital currency.

It even has a name: cryptojacking.

On Monday, a Chinese cybersecurity firm said it found malicious software on Android phones and smart TVs that was mining Monero for hackers. In January, a security researcher revealed that hackers could use public Wi-Fi networks to mine cryptocurrency on computers that connect to them. And as far back as September, another security researcher found cryptojacking software on official Showtime Network websites.

Experts say two things have helped bring about this state of affairs. First, the growing value of cryptocurrencies like Monero, Bitcoin and Ethereum has put a premium on computing power. It takes a lot of oomph, and time, from computers to run the software that creates more Monero, and it's a stealthy shortcut to use a crowd of strangers' computers without their knowledge.

Second, the creation of mega-botnets like Mirai has shown that large numbers of computers, phones and smart home devices can be harnessed to serve a hacker's whims.

"When there was more or easier money to be had, there was motive" to build more botnets, Simon said. "Cryptocurrency has helped it accelerate."

Some forms of cryptojacking work only while a web page is open, and others keep your computer chugging under its orders even after you close the browser tab. Hackers use something called Coinhive, a library of code written in Javascript, to force the computer to mine Monero.

Cryptojacking is only so harmful to its victims. In essence, it slows computers way down, and potentially heats them up. Just imagine that sad whining sound you hear when your computer's fan has kicked into high gear.

"If somebody's being supergreedy, you can easily hear the fans kicking up in your machine," Simon said.

Some web browsers block the malicious scripts. Opera announced in December that it would block the scripts in a beta version of its eponymous browser, saying they were bad for users' computers. It calls the feature "NoCoin."

"Bitcoins are really hot right now, but did you know that they might actually be making your computer hotter?" the company said in its announcement.

Victims of cryptojacking do tend to be dipping their toes into the shady end of the internet. In addition to deepfake forums (which were kicked off Reddit due to ethical concerns), torrenting and porn websites have served up cryptojacking scripts, experts noted.

Fans of deepfakes might've become targets because there's a higher chance they have powerful computers, said Chris Boyd, a malware researcher at security firm Malwarebytes who examined the deepfakes forum running Coinhive. That's because it takes a certain amount of processing power to make the fake videos.

"It's one of the ways that these people who are trying to make money off these scripts can actually target people who have a high-end PC," Boyd said.

But then again, other types of sites have fallen victim to the ploy too. So basically, no one's safe.

"There hasn't really been a pattern to it," Boyd said.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

CNET en Español: Get all your tech news and reviews in Spanish.