deepfakes

Surprise, Surprise: A Deepfakes Website Is Loaded With Cryptocurrency Mining Malware

A deepfakes spinoff website is quietly mining cryptocurrency under the guise of fake porn.

Samantha Cole

Shutterstock / deepfakes.cc

As the banhammer falls on deepfakes communities and hosting on Discord, Gfycat, Pornhub, Twitter, and Reddit people interested in making and consuming AI-generated fake porn have been searching for new internet clubhouses to share nonconsensual porn clips and tips about how to make it.

“Deepfakes” are videos created using a machine learning algorithm that swaps one person’s face onto another person’s body. Most frequently, this is used to put a celebrity’s face on a video of a porn performer.

Read more: Targets of Fake Porn Are at the Mercy of Big Platforms

Some deepfakes fans are attempting to avoid watchful admin eyes by setting up their own websites, independent of other platforms. But at least one of these websites, called Deepfakes.cc, contains malware that hijacks visitors’ computing power to mine cryptocurrency without alerting the user. Deepfakes enthusiasts may make particularly good miners: The profitability of cryptocurrency mining depends on a computer’s power, and people running machine learning programs may have more powerful CPUs than the average consumer.

A member of the r/fakeapp subreddit (which was not banned because it does not allow porn) first pointed out the surreptitious mining on deepfakes.cc, in an attempt to alert other members of the issue. Motherboard ran the site through an online antivirus program; it showed that deepfakes.cc is running code from Coinhive’s in-browser miner.

This appears to be a Coinhive browser miner. Motherboard viewed the site’s source code and confirmed that mining is taking place:

Source code from the Javascript file examining deepfakes.cc

With this miner, we saw spikes in CPU usage, as the site attempts to establish a connection to the IP address 94.130.90.152—which is connected to Coinhive, according to VirusTotal.com. Cryptocurrency mining results in CPU usage spikes because the mining process has your computer constantly doing complex math.

An analysis by Malwarebytes also confirmed that the site is mining cryptocurrency in the background.

Browser-based cryptocurrency miners embed code in the web page that uses a portion of the visitor's CPU power—basically a computer’s “brain”—to mine as long as the page is open. Once the browser is closed, the mining stops and CPU usage returns to normal.

Stealth cryptocurrency mining isn’t new; in fact, it’s not even new to porn, as nearly half of the most-mined websites are porn-related. But just like deepfakers’ short-lived marketplace focused on trading bespoke deepfakes for bitcoin, this is another example of the commmunity quickly turning entrepreneurial with their new toy. There's a good chance we'll soon see other websites like this one.

Additional reporting by Destiny Montague.