was one of the most notorious sites known for hosting pirated media content in India. The site had been around for more than a decade and has been a tormenting problem for the Indian Music Industry. The website not only allows users to stream music and other content illegally, but also lets them download the same for offline use. The music makers guild had earlier approached the court and as a result of which the website was banned in 2012. However, the website was sporadically hosted on different servers and is apparently back once again, this time with a much more sinister intention. returns with a bitcoin miner script in tow -

Earlier, an investigation by IFPI revealed that the server of the website is in Pakistan and hence they had to approach the Pakistani Government officials. The location of the server is still difficult to trace and despite being blocked by a high court in Calcutta, the is back again.

The Department of Industrial Policy and Promotion is said to be collaborating with internet service providers and also search engines to block the site completely. Even now, the will open only from Google Search and a direct URL query will leave users with an error warning.

Hidden Intent?

Rogue sites like and many others have often been accused of spying on users behavior or even injecting malicious scripts into the browsers. That apart, I have earlier seem some advertisements that were socially engineered to deliver malware. However, this time around the new comes armed with not just malicious ads but also with a bitcoin miner on board.

Enter JavaScript Crypto Miners

As the frenzy surrounding Bitcoin and other cryptocurrency is scaling new heights, shady sites are taking advantage of the same. The websites are employing “In-Browser” miners and using a visitors resources to mine Bitcoin. While some might argue it’s alright to mine cryptocurrency in the background as a barter to use content for free, none of the sites ask users consent for the same. In other words, the behaviour of such In-Browser miners is similar to that of malware and this raises several red flags. The number of such In-Browser web services is also on the rise and some like, CoinBlind and CoinNebula are openly claiming that they are configured in such a way that users cannot report abuse.

Is Deploying an “In-Browser Crypto” Coin Miner? seem to have gotten its hands on yet other (illegitimate) way to earn revenue. The site in question is said to have over 20 Lakh users and using In-Browser Miners is likely to help them gain better revenues at the cost of users hardware. returns with a bitcoin miner script in tow - bitcoin songs pk

In order to check whether the website is using such javascript based miners, we checked the source/html code as suggested by a developer friend, @ArpitNext. As expected, I spotted that the site is loading a mining script from the “” The CPU usage spiked up incessantly when I opened and this affected the overall responsiveness of the browser in a negative manner. Check the screenshots below, the first one shows the impact the mining script is having on my MacBook while the other one shows the high RAM/CPU usage as opposed to the other tabs opened on my Chrome browser. returns with a bitcoin miner script in tow - songs pk 2 returns with a bitcoin miner script in tow - songs pk 3

Javascripts are often the entry-point for exploit methods like code injection, privilege escalation and also installation of virus/ransomware. In fact, this Github page details the entire list of vulnerabilities using JavaScript. The time is ripe for us to pitch an article of ours which listed down Chrome extensions to block malicious coin mining scripts like jsecoin.

Wrapping it up

The music streaming industry has evolved a lot in the last decade or so. Earlier most of us were left with no option but to download pirated content or buy Audio CD of the entire album. Streaming services like Gaana, Saavn and many others are offering free and premium streaming plans. I am struggling to think on why would one risk their computers and end up in sites like to access the content while they can do so in a legit way.

Was this article helpful?