Earlier, an investigation by IFPI revealed that the website's server is in Pakistan, and hence they had to approach Pakistani Government officials. The location of the server is still difficult to trace and, despite being blocked by a high court in Calcutta, Songs.pk is back again. The Department of Industrial Policy and Promotion is said to be collaborating with internet service providers and search engines to block the site completely. Even now, Songs.pk will open only from Google Search, and a direct URL query will leave users with an error warning.
Hidden Intent?
Rogue sites like Songs.pk and many others have often been accused of spying on users' behavior or even injecting malicious scripts into their browsers. That apart, I have earlier seen some advertisements that were socially engineered to deliver malware. However, this time around the new Songs.pk comes armed not just with malicious ads but also with a bitcoin miner on board.
Enter JavaScript Crypto Miners
As the frenzy surrounding Bitcoin and other cryptocurrencies scales new heights, shady sites are taking advantage of it. These websites employ “In-Browser” miners and use a visitor's resources to mine Bitcoin. While some might argue it’s alright to mine cryptocurrency in the background as a barter for free content, none of the sites ask for users' consent. In other words, the behaviour of such In-Browser miners is similar to that of malware, and this raises several red flags. The number of such In-Browser web services is also on the rise, and some, like CoinBlind and CoinNebula, openly claim that they are configured in such a way that users cannot report abuse.
Is Songs.pk Deploying an “In-Browser Crypto” Coin Miner?
Songs.pk seems to have gotten its hands on yet another (illegitimate) way to earn revenue. The site in question is said to have over 20 Lakh users, and using In-Browser Miners is likely to help it earn more revenue at the cost of users' hardware.
In order to check whether the website is using such JavaScript-based miners, we checked the source/HTML code as suggested by a developer friend, @ArpitNext. As expected, I spotted that the site is loading a mining script from “jsecoin.com.” The CPU usage spiked up incessantly when I opened Songs.pk, and this affected the overall responsiveness of the browser in a negative manner. Check the screenshots below: the first one shows the impact the mining script is having on my MacBook, while the other one shows the high RAM/CPU usage as opposed to the other tabs opened on my Chrome browser.
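The source check described above can be scripted. The following is an added example, not code from the original article or from the site: it parses saved page HTML and reports script tags whose host is jsecoin.com or a subdomain of it, plus inline scripts that mention the domain. The function names, the blocklist and the sample page are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Blocklist assumed for this example; jsecoin.com is the only domain the article names.
MINER_DOMAINS = {"jsecoin.com"}

def is_listed(host, domains):
    """True if host is a listed domain or a subdomain of one (not a lookalike)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class ScriptAudit(HTMLParser):
    """Records external scripts on listed hosts and inline scripts naming them."""
    def __init__(self, domains):
        super().__init__()
        self.domains, self.findings, self._inline = domains, [], None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = (dict(attrs).get("src") or "").strip()
        if not src:
            self._inline = []  # inline <script>: buffer its body
        # urlsplit also handles protocol-relative URLs (//host/path)
        elif is_listed(urlsplit(src).hostname, self.domains):
            self.findings.append(("external", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).lower()
            self.findings += [("inline", d) for d in sorted(self.domains) if d in body]
            self._inline = None

def find_miner_scripts(html, domains=MINER_DOMAINS):
    audit = ScriptAudit(domains)
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample page; the subdomain and all paths are made up.
SAMPLE = """<head>
<script src="/js/player.js"></script>
<script async src="//static.jsecoin.com/constructed/miner.js"></script>
<script src="https://notjsecoin.com/lookalike.js"></script>
<script>var s=document.createElement("script");s.src="https://JSEcoin.com/x.js";</script>
</head>"""
```

A static source view only sees scripts present in the delivered HTML; a script injected later at runtime shows up in the browser's network panel instead.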
JavaScript files are often the entry point for exploit methods like code injection, privilege escalation and the installation of viruses/ransomware. In fact, this GitHub page details the entire list of vulnerabilities using JavaScript. The time is ripe for us to pitch an article of ours which lists Chrome extensions that block malicious coin mining scripts like jsecoin.
Wrapping it up
The music streaming industry has evolved a lot in the last decade or so. Earlier, most of us were left with no option but to download pirated content or buy an audio CD of the entire album. Streaming services like Gaana, Saavn and many others are offering free and premium streaming plans. I am struggling to think why one would risk their computer and end up on sites like Songs.pk to access the content when they can do so in a legit way.