porn
Porn websites account for roughly half of all sites hosting crypto-mining software Istock

Pornography websites make up roughly half of all domains using so-called crypto-mining software to exploit visitor's computer power and make money, research suggests.

Experts from 360NetLab, a Beijing-based cybersecurity company, used a detection tool that scans patterns in website traffic to analyse mining "on the entire internet level". It found that 628 websites out of Alexa's top 300,000 had mining code implemented in their homepage.

A total of 49% of the websites were hosting adult content, it said. Other categories included fraud (8%), advertising (7%), mining (7%), film/television (6%) and personal blogging (4.2%).

Crypto-mining code exploits a user's computing power to "mine" virtual currency in the background, often without informing the visitor.

The most popular tool is known as Coinhive, and 360NetLab said it accounts for 57% of results.

In a blog posted Friday (9 February), researchers released the full list of domains hosting the software. The highest-ranked websites included mejortorrent, firefoxchina, scamadviser, and thepiratebay.blue. Porn websites, while making up the majority of results, were rather obscure – such as streamxxx, youpornpics, xxgasm and megapornpics. It is not advised to visit the domains.

The miners currently operate in a legal grey area. Some websites – mostly in the peer-to-peer community – argue that crypto-mining offers a way to fund their services without being forced to rely on advertising and donations. Others say it should be opt-in only.

According to 360NetLab, the crypto-mining scene first picked up pace in mid-2017. It found "the market keeps growing" and noted a significant "boost" in January this year.

In many cases, a strong anti-virus software will be able to catch the miner before it takes hold. If your CPU is being used to mine coins, the computer's speed will likely slow to a crawl.

Different software will mine for different virtual currency – but the most popular form, experts say, is called Monero. In December 2017, the shop WiFi connection at a Starbucks in Argentina was hijacked and used to infect customers' laptops as they connected to the network.

The software has also been found in Chrome extensions, browsers and Android applications. Most recently, in January this year, researchers from Trend Micro said hackers were exploiting YouTube advertising to compromise viewers' computer CPUs and create the coins.