Cryptojacking

Cryptojacking has been in the news lately as hackers infected thousands of web sites around the world with software that turned their computers into unauthorized cryptocurrency miners. At the same time, respected news and opinion web site Salon has taken the high road, giving visitors the chance to mine for cryptocurrency instead of reading ads. Both the hackers and Salon used code written by the same people.

Last week, software infected thousands of web sites around the world, forcing some visitors’ computers to line cybercriminals’ pockets by secretly mining the cryptocurrency Monero.

Cryptojacking on the rise

Among those infected were government web sites in the UK, Australia and US. These included the UK’s Student Loans Company, Pensions Advisory Service and Financial Ombudsman. Even the UK’s Information Commissioner’s Office, which spends its time investigating other people for data breaches, disabled its web site temporarily to get rid of the cryptojacking software.

Hackers found their way in via BrowseAloud, a third-party script that reads web pages aloud to visually impaired visitors. By tampering with that one script, they injected a cryptojacking miner called Coinhive into every site that embedded it.

Hacking a utility like that makes perfect sense for criminals who want to maximize the available computing power: compromise one supplier and the miner is served by many busy government websites at once, without the attackers touching any of those sites directly. But other infections are more puzzling.

For example, we’re now seeing cryptojacking on industrial systems. Monero-mining malware has cropped up on wastewater management equipment. One explanation could be that these infrastructure systems, which can consume lots of electricity, are a perfect place for power-hungry malware to hide.

Anti-malware firm Heimdal Security currently sees around 2% of its user base trying to connect to Coinhive. “While a few of these people might have been legitimately trying to investigate what the platform is or maybe even use it, the huge cryptojacking trend is no doubt responsible for the majority of requests,” says Ana Maria Dascalescu, a marketing specialist at the company.

Coinhive didn’t return our messages, but its developers have admitted that the tool can be used for malicious purposes.

“We have to acknowledge that the decision to block Coinhive was understandable as it was possible to run the miner on a webpage without asking the visitor for consent or even informing them,” the developers have said. “Even some antiviruses now consider our JavaScript miner as a threat, which makes it difficult for website owners to use Coinhive at all.”

So why Monero? Mining bitcoin on ordinary CPUs and GPUs is no longer worthwhile, because purpose-built ASIC hardware dominates that network, but other currencies like the Ethereum Foundation’s Ether – which has spiked substantially in price lately – are easily mined with computers running GPU cards (the graphics cards traditionally used for gaming).

Monero may be worth less than some other currencies, but it has some characteristics that make it suitable for cybercriminals, says Dascalescu.

“It’s an anonymous, virtually untraceable currency due to the encryption at the core. Bitcoin, Ether and other coins are not anonymous and are currently under intense scrutiny,” she says.

Monero hides the sender behind a ring of decoy signers, hides the amount being sent, and generates a one-time stealth address for each payment, so an outside observer cannot tell who paid whom or how much. Conversely, every Bitcoin and Ether transaction is public on the chain and can be followed from address to address, and poor operational security, such as reusing an address or cashing out through an exchange that knows your identity, can tie those addresses to a person.

Read Salon and pay – legitimately – with your own CPU power

A spokesperson for Salon says that Monero is also perfectly suited for browser-based mining, because code inside browser sandboxes can happily churn away mining the currency without having to touch the GPU.

Salon has a reason to be interested in this concept, having launched a cryptocurrency mining initiative of its own. This one is completely above board, though. It is targeting only the one in five visitors who use ad blockers. If they don’t want to turn them off, it lets them mine Monero instead. A spokesperson for the company said that it is using “the newest version” of Coinhive to mine Monero.

They didn’t confirm when asked, but we suspect this may be AuthedMine, a version of the software that the Coinhive developers created specifically to avoid ad blockers. This fulfils what the Coinhive devs have said was their original intention: to provide an alternative source of revenue to advertising.

Unlike Coinhive, AuthedMine mandates an opt-in before it will begin mining, making it impossible for sites to use it on the sly. Salon requires two opt-ins before it allows users to mine.

How much Salon plans to make is unclear. “While there clearly is revenue being generated from this activity, we have no expectations,” said its spokesperson. “The purpose of this beta is a proof of concept to help us develop a more robust method of exchanging value between a user and a publisher. We plan to see how decentralized computing as a concept is embraced by the general public and how that can be leveraged for other industries that require large sums of computing power.”

Perhaps it’s just as well not to expect too much just yet. At the time of the great cryptojacking hack, Monero was worth about $245 a coin. Motherboard reports that the crooks ended up mining 0.1 Monero, which would have netted them about $24 – had Coinhive actually paid them (it didn’t).

To be fair, all the controversy had pushed Monero above $300 at the time of writing, meaning that if they had actually received the money, the cybercriminals could have not only taken four people to see a movie, but also shelled out for an overpriced theatre-bought bag of M&Ms as well.

If they do make it along to the movies, may we suggest the original Ocean’s Eleven? That mob didn’t do too well, either.