
New Scam, Killing Ads

Coinhive, the first browser-based cryptocurrency mining project, is becoming a source of income for Internet malefactors. It has promptly shifted from monetizing website traffic to a workflow from which an army of crypto-crooks benefits.

Coinhive is a JavaScript library that anyone can upload and integrate into a website. A page hosting this JavaScript library launches a hidden process that uses the resources of the user’s device to mine Monero coins. Everything happens in the web browser.

The design is unique and smart. Well done! Coinhive developers claim it is the best replacement for boring ads. All it needs is access to the CPU of the device. Websites raise funds while their visitors enjoy ad-free browsing.

Shortly after the release of the app, the Pirate Bay hosted it for a while. As the visitors’ feedback was unfavorable, the Pirate Bay got rid of the novelty.

However, this was the recognition that subsequently lured a couple of other websites, namely showtime.com and showtimeanytime.com, to try Coinhive. Rumor has it that attackers hacked those websites and dropped the Monero-mining JavaScript without any approval.

An alternate explanation suggests the approval was in place, but only for a trial mode. This theory sounds more likely. The script's setThrottle setting indicates that Coinhive was running only 3% of the time. In the case of a hack, this ratio would definitely be higher. The alleged intruder would realize the risk of being detected and hence try to get as much as possible as soon as possible.

The latest estimate reveals that top-100 websites like the Pirate Bay may earn 27.5 XMR per month, which is roughly $12,000. Since the Pirate Bay is among the top 100 most visited websites, while Showtime is only near the end of the top 10,000, the latter would earn much less than the former.

Good intentions pave the way to hell. The design of Coinhive is no crime, but the miner follows the sad path of a number of other useful solutions harnessed by crooks. In less than a week after the developers introduced their Monero-making product, the cyber-criminals integrated it widely and deeply into their scams.

The first attack hit SafeBrowse, a popular add-on for Google's browser. The compromised extension had the Coinhive JavaScript integrated so that unauthorized mining took place any time Chrome was running.

Besides, the miners also practice URL hijacking. For instance, the hackers registered a typo-squatted Twitter website, Twitter.com.com (not active anymore). Should you reach Twitter that way, your browser would launch the Monero-mining page instead of the true Twitter. Needless to say, you are not going to keep the page open, but even a short visit contributes to the miners’ business. Taken together, a number of such misleading websites may generate decent revenue for their holder.

Further observations revealed numerous webpages whose scripts had been hacked and that were running the Coinhive JavaScript without their webmaster's authorization. This was how a number of Magento and WordPress websites got the Monero-mining JavaScript into their source code.
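A webmaster can check page source for this kind of injection. The following is an added example, not code from the original article or from Coinhive: the function name `scanForCoinhive`, the sample pages and the indicators it looks for (the coinhive.com script host, `CoinHive.*` constructors and the throttle option, taken here to be the fraction of time the miner idles) are assumptions of the example.

```javascript
// Added example: heuristic scan of page source for Coinhive miner references.
const HOST_RE = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]*\bcoinhive\.com[^"'\s>]*)/gi;
const CTOR_RE = /\bCoinHive\.(\w+)\s*\(/g;
const THROTTLE_RE = /(?:setThrottle\s*\(\s*|\bthrottle\s*:\s*)([01](?:\.\d+)?)/g;

function scanForCoinhive(html) {
  const scripts = [...html.matchAll(HOST_RE)].map((m) => m[1]);
  const constructors = [...html.matchAll(CTOR_RE)].map((m) => m[1]);
  const throttles = [...html.matchAll(THROTTLE_RE)].map((m) => parseFloat(m[1]));
  const found = scripts.length > 0 || constructors.length > 0;
  // Report the worst case: the lowest idle fraction seen, or 0 (no idling)
  // when the miner is present but no throttle is set.
  const idle = throttles.length ? Math.min(...throttles) : 0;
  return {
    found,
    scripts,
    constructors,
    activePercent: found ? Math.round((1 - idle) * 100) : null,
  };
}

// Constructed sample input: a page with an injected miner (placeholder site key).
const SAMPLE_INFECTED = `
<html><body><h1>Shop</h1>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.97});
  miner.start();
</script>
</body></html>`;

// Constructed sample input: a page that only has an unrelated throttle setting.
const SAMPLE_CLEAN = `
<html><body>
<script src="/js/app.js"></script>
<script>var scroll = {throttle: 0.5};</script>
</body></html>`;

function report(name, html) {
  const r = scanForCoinhive(html);
  return r.found
    ? `${name}: miner reference found, active about ${r.activePercent}% of the time`
    : `${name}: no Coinhive reference found`;
}

console.log(report("infected", SAMPLE_INFECTED));
console.log(report("clean", SAMPLE_CLEAN));
```

String matching like this only catches the plain embed; a renamed, obfuscated or proxied copy of the script needs behavioral detection such as CPU or network monitoring.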

Larger ad scams would not stay on the sidelines, for sure. At least one notorious cyber gang was found to exploit Coinhive for unauthorized mining. Toxic ads steered web traffic to pages pretending to provide tech support. Apart from the fake security alerts, the crooks integrated the mining JavaScript into those pages without, of course, any notification.

Experts predict the integration of Monero mining into adware is but a matter of time. Most likely, the crooks will integrate it into browser hijackers. There is hardly any obstacle that would prevent adware developers from modifying the original payload of their infections to include background mining with the Coinhive script.

The Coinhive release is available to anyone willing to mine. Its developers claim they assume no liability whatsoever for the way the app is used. The hackers do not care either, misusing the miner in every possible way.

The public has already labeled Coinhive mining crypto-jacking, since it hijacks browsers for unauthorized mining.

The IT security industry is preparing to withstand wide-scale crypto-jacking campaigns. Major anti-adware vendors blacklisted Coinhive almost immediately upon its release.

Other web developers came up with a pair of dedicated solutions. AntiMiner and minerBlock examine Chrome processes to detect and kill any mining activity.

Big news like WannaCry and other ransomware cases, CCleaner and Equifax hacks have already marked this year for IT security, but mining for Monero and other coins is very likely to top the ongoing hacking. Adware is readily available to support the mining scam.

Malware research labs report observing over 1.5 million devices hit by mining apps. The report covers only the first half of this year and only 100% confirmed cases. Cryptocurrency miners are also increasingly landing on corporate networks.

The Coinhive developers are proud to admit their tool is way more popular than they could ever dream, but their dreams have come true in an awkward, if not ugly, way. Hackers heavily misuse the solution and combine it with malware.
