Have you ever wondered why some pornography website offer free videos without any charges and some don’t even display advertisements?
How do these websites survive without generating any profit?
Is it because of some altruistic ‘Samaritans’?
No, most of this kind of free website engage in Cryptojacking. Cryptojacking means javascript-based cryptocurrency mining script in the background while users browse the site. This script uses the user’s CPU to mine cryptocurrencies, without their consent.
For pure education purposes, I will demonstrate a simple cryptojacking works using a basic.Net Web Application.
First, just create a .Net Web App, create a controller called VideoController.
public class VideoController : Controller
{
// GET: VideoController
public ActionResult Index()
{
return View();
}
}Then, create a index.cshtml page under ~Views/Video folder.
In my index.cshtml, create a video markup and put some dummy video on it. Create a button that will trigger a javascript function that perform the mining.
@{
ViewData["Title"] = "Video Simulation";
}
<h1>Video Mining Simulation</h1>
<video id="video" width="640" height="360" controls>
<source src="/videos/sample.mp4" type="video/mp4">
Your browser does not support the video tag.
</video>
<br />
<button id="playVideo">Play and Simulate Mining</button>
<script>
async function simulateMining() {
const targetPrefix = "00000000"; // Adjust difficulty by increasing/decreasing the number of zeros
let nonce = 0;
let found = false;
while (!found) {
const text = `Mining simulation ${nonce}`;
const hashBuffer = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(text));
const hashArray = Array.from(new Uint8Array(hashBuffer));
const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
if (hashHex.startsWith(targetPrefix)) {
console.log(`Mining completed! Nonce: ${nonce}, Hash: ${hashHex}`);
found = true;
}
nonce++;
if (nonce % 10000 === 0) {
console.log(`Checked ${nonce} hashes...`);
}
}
}
document.getElementById("playVideo").addEventListener("click", () => {
simulateMining();
document.getElementById("video").play();
});
</script>I mimic the bitcoin mining mechanism that enforce the JavaScript give me the result of hashing that starts with certain amount of 0.
This is my website after run
Once I clicked the ‘Play and Simulate Mining’ button, I used a tool called Process Explorer to monitor the usage of my CPU.
And the Task Manager:
Before running the video (which mining process on behind):
After running the video
The indication might not very accurate, since my laptop also running some programs in background, but you can see the mining process do actually consume some of our CPU power.
How to Protect Yourself from Cryptojacking?
Well, first is never visit any malicious website.
However, if it is inevitable to visit a malicious website, you may take some precautions like use an AD-Blocker, install Anti -Cryptojacking extension, and keep your computer software updated and always monitor your CPU usage.
