hacker7 Posted October 26, 2017 Share Posted October 26, 2017 Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites Tuesday, October 24, 2017 When yesterday I was reporting about the sudden outbreak of another global ransomware attack 'Bad Rabbit,' I thought what could be worse than this? Then late last night I got my answer with a notification that Coinhive has been hacked — a popular browser-based service that offers website owners to embed a JavaScript to utilise their site visitors' CPUs power to mine the Monero cryptocurrency for monetisation. Reportedly an unknown hacker managed to hijack Coinhive's CloudFlare account that allowed him/her to modify its DNS servers and replace Coinhive's official JavaScript code embedded into thousands of websites with a malicious version. https://coin-hive[.]com/lib/coinhive.min.js Hacker Reused Leaked Password from 2014 Data Breach Apparently, hacker reused an old password to access Coinhive's CloudFlare account that was leaked in the Kickstarter data breach in 2014. "Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server." Coinhive said in a blog post today. "This third-party server hosted a modified version of the JavaScript file with a hardcoded site key." As a result, thousands of sites using coinhive script were tricked for at least six hours into loading a modified code that mined Monero cryptocurrency for the hacker rather than the actual site owners. "We have learned hard lessons about security and used 2FA [Two-factor authentication] and unique passwords for all services since, but we neglected to update our years old Cloudflare account." Your Web-Browsers Could Be Mining Cryptocurrencies Secretly for Strangers Coinhive gained media attention in last weeks after world's popular torrent download website, The Pirate Bay, caught secretly using this browser-based cryptocurrency miner on its site. Immediately after that more than thousands of other websites also started using Coinhive as an alternative monetisation model by utilising their visitors' CPU processing power to mine digital currencies. Even hackers are also using Coinhive like services to make money from compromised websites by injecting a script secretly. Well, now the company is also looking ways to reimburse its users for the lost revenue due to breach. How to Block Websites From Hijacking Your CPU to Mine Cryptocoins Due to concerns mentioned above, some Antivirus products, including Malwarebytes and Kaspersky, have also started blocking Coinhive script to prevent their customers from unauthorised mining and extensive CPU usage. You can also install, No Coin Or minerBlock, small open source browser extensions (plug-ins) that block coin miners such as Coinhive. Source Link to comment Share on other sites More sharing options...
steven36 Posted October 26, 2017 Share Posted October 26, 2017 I wonder how all these people who said this was better than ads fell now? Within a little over a month the sites dns was took over by hackers not much difference than getting hijacked via a infected ad .Lol all these idiots who were willing to turn there PCs into botnets too download warez who had been blocking ads for years all the sudden got a heart and started approving of monetizing for profit . It's the early 2000s all over again when people use to install spyware programs to download warez . Wait that's windows and half it's programs now days . I blocked this crap since day one in uMatrix Link to comment Share on other sites More sharing options...
hacker7 Posted October 26, 2017 Author Share Posted October 26, 2017 9 hours ago, steven36 said: I wonder how all these people who said this was better than ads fell now? I bit they ether got hacked or feel stupid as Hell now Quote I blocked this crap since day one in uMatrix Same here I rather have the shiity ads then this . Link to comment Share on other sites More sharing options...
knowledge-Spammer Posted October 26, 2017 Share Posted October 26, 2017 i said about No Coin addon days ago to someone for if u use adguard best use No Coin aswell Link to comment Share on other sites More sharing options...
steven36 Posted October 26, 2017 Share Posted October 26, 2017 3 minutes ago, knowledge said: i said about No Coin addon days ago to someone for if u use adguard best use No Coin aswell Cant you just ad NoCoin too you're adblocker list instead installing another addon? https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt I know ublock origin have there own list to block this called resource abuse filters ... Link to comment Share on other sites More sharing options...
hacker7 Posted October 26, 2017 Author Share Posted October 26, 2017 It's true ! adding Nocoin To the adblocker list instead will also Minimize the ram usage on pc Link to comment Share on other sites More sharing options...
knowledge-Spammer Posted October 26, 2017 Share Posted October 26, 2017 27 minutes ago, steven36 said: Cant you just ad NoCoin too you're adblocker list instead installing another addon? https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt I know ublock origin have there own list to block this called resource abuse filters ... both work i say addon as its easyer for people who not have much info on pcs but both will do the same thing Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted October 27, 2017 Administrator Share Posted October 27, 2017 I never agreed with this idea of using people's computer resources to pay for the server costs. I'm even more concerned about opening effected sites on mobile, as some of the sites I have used I have a suspicion of them making a use of it. Link to comment Share on other sites More sharing options...
hacker7 Posted October 27, 2017 Author Share Posted October 27, 2017 9 hours ago, DKT27 said: I never agreed with this idea of using people's computer resources to pay for the server costs. I'm even more concerned about opening effected sites on mobile, as some of the sites I have used I have a suspicion of them making a use of it. I think when it comes to Android it's a bit different! Because as long as one unknown sources off and maybe a good anti malware it's enough. If i remember correct the pirate bay were one of most famous torrent side who started using this method i while ago! Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted October 27, 2017 Administrator Share Posted October 27, 2017 28 minutes ago, hacker7 said: I think when it comes to Android it's a bit different! Because as long as one unknown sources off and maybe a good anti malware it's enough. If i remember correct the pirate bay were one of most famous torrent side who started using this method i while ago! It's quite possible to run this script in an Android browser, using up it's battery and other resources. Not anything to do with the installation of apps I think. Link to comment Share on other sites More sharing options...
hacker7 Posted October 27, 2017 Author Share Posted October 27, 2017 9 hours ago, DKT27 said: It's quite possible to run this script in an Android browser, using up it's battery and other resources. Not anything to do with the installation of apps I think. Yes of cores you are right. Silly me! Btw i was referring to adware and bad adds in latest comment. This script is also effecting android browsers as you described above! A friend recently have made a anti script for this and working great, now almost all popular adblockers including adgaurd , orginblock can detect the script but still is a risky thing! Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted October 27, 2017 Administrator Share Posted October 27, 2017 27 minutes ago, hacker7 said: Yes of cores you are right. Silly me! Btw i was referring to adware and bad adds in latest comment. This script is also effecting android browsers as you described above! A friend recently have made a anti script for this and working great, now almost all popular adblockers including adgaurd , orginblock can detect the script but still is a risky thing! My apologies if I was rude there, if you felt so. I see. Indeed you are correct there. AG now warns users when they open such site, asking them whether to allow such. Link to comment Share on other sites More sharing options...
hacker7 Posted October 27, 2017 Author Share Posted October 27, 2017 9 hours ago, DKT27 said: My apologies if I was rude there, if you felt so. I see. Indeed you are correct there. AG now warns users when they open such site, asking them whether to allow such. It's ok i understand, a lot to do in here. , in fact i was just reading about the blog.jquery.com) who got hacked recently https://thehackernews.com/2017/10/jquery-hacked.html Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.