PIA’s Official Website May be Mining Cryptocurrency Using Your Computer

PIA recently launched its new web portal for booking tickets online. Thanks to a tip we received yesterday, ProPakistani can confirm that PIA’s new website has been hosting a cryptocurrency mining script on its servers, capable of mining crypto-coins using computers of the people visiting the website.

What is Cryptocurrency Mining?

Most cryptocurrencies are obtained through a process called mining. Putting it simply, the process involves solving some complex calculations to add new coin transactions to a public ledger. Mining is a very time and resource intensive process and people who commit their hardware for this get rewarded in the form of new coins.


ALSO READ

Shocking: COMSATS University Website is Using Your PC to Mine Cryptocurrency


Is it Harmful?

It won’t harm your computer in the traditional sense like a virus would, but it will hog your PC’s resources, slowing it down considerably as long as the mining process is ongoing.

However, it is definitely unethical — no one should use your computer’s resources to mine cryptocurrency without your explicit permission.

On Monday, 12th February, ProPakistani received a tip from tip from three cybersecurity enthusiasts, Sajjad Haider, Asad Memon and Fahim Mandvia, about something fishy they found on PIA’s new website. The co-founder of RemoteInteview and the person behind JavaScript’s ‘Urdish’ dialect, Asad is a veteran programmer and developer while Sajjad Haider is an Information Security Professional.

“It seems that PIA has recently launched this new site,” he added. “It’s based on WordPress and whenever someone uses WordPress, it opens a can of worms.”

Asad sent us a link to the script, hiding in the “bootstrap.js” file within the JavaScript directory of PIA’s website. We have verified the JavaScript function is clearly designed to mine Monero, a form of cryptocurrency, on a visitor’s computer through the browser. At the time of writing, one Monero (one XMR) is worth $246.

scripts found

Moreover, they were also able to extract the CoinHive user ID of the miner in question hiding in another JavaScript file in the parent directory.

CoinHive, an online service, offers a JavaScript miner for the Monero Blockchain that can be embedded on any website.

The script can then run directly from the browser to mine cryptocurrency on the computers of the users who visit the website.

Barely a couple of hours after we checked it out, both the files were modified and are now inaccessible on PIA’s website (last modified at 9:11 PM, Monday, 12th February).

Fortunately, Asad was able to find an archived version of the website which has both the files. Not only that, but the archival service also shows a clear warning that it has detected malicious behavior on the website that matches CoinHive’s JavaScript variables.

Malicious behavior and content int piac official website

It is extremely unlikely that PIA itself would try to embed cryptocurrency mining scripts in its official website. Not only does it seem reckless, it is also somewhat pointless, considering that the website would barely make 1-2 XMRs per month ($250 – $500 according to a rough estimate).

“It’s most likely a hack or a greedy employee,” added Asad.

Regardless, a company of such a stature should keep an eye on its web portal. Recently, more and more websites have been caught trying to run mining scripts on unsuspecting users.

If you suspect your computer is acting somewhat slow, you can run your browser’s task manager (SHIFT + ESC in chrome) to check if a particular tab is using too many resources. Moreover, you can also use ad-blockers to detect if a mining script is running in a tab or use the No Coin extension for Chrome/Firefox.