Hundreds of Websites Infected with Coinhive Software, Visitors Mine Monero Unawares
As of May 8, Coinhive has terminated the site key used to infect the websites and the cryptojacking campaign has since subsided.
After further investigation, Mursch found that the same domain and the Coinhive site key, KNqo4Celu2Z8VWMM0zfRmeJHIl75wMx6, were used to infect a total of 348 websites. To pair down his search, Mursch used proprietary tools developed by Dan Snider and PublicWWW.com, “a source code search engine that allows you to quickly locate potentially affected websites,” he told CoinCentral.
— Bad Packets (@bad_packets) May 6, 2018
All of the affected sites were running the same vulnerable versions of Drupal’s content management system. As such, Mursch implores entities and websites that run Drupal’s system to update to a more robust option immediately.
Cryptojacking, as it’s been branded, the act of infecting websites with mining malware to permisionlessly use visitors’ computing power to mine cryptocurrencies, has become an increasing topic of cyber security concern. Coinhive, which has been deployed for consensual browser mining by the likes of Salon and UNICEF for charity, specifically mines Monero and has been the go-to for hackers looking to make a quick buck.
While “the number of sites using Coinhive has declined somewhat since [last year],” Mursch tells us, he and the Bad Packets team “still find Coinhive being utilized in cryptojacking campaigns as we see with this one targeting vulnerable Drupal sites.”
It can be difficult to tell if a computer has been infected by Coinhive or a related mining malware, but a sluggish operating system and spikes in your computer’s processing power can be sure signs. Downstream fixes can come in the forms of virus scans and wiping your computer of malicious software, but as a preventative measure, you can download the minerBlock browser extension for Chrome to reinforce your computer against cryptojacking attempts.
You can find Troy Mursch’s original report on the findings here.
GourdLords is an Ethereum-based collection of 10,000 randomly generated ERC-721. Each GourdLords NFT by the Magic Collective…
Cool Cats is an Ethereum-based collection of 9,999 randomly generated NFTs. The project and surrounding community have…
Hodlnaut vs. Nexo weighs the pros and cons between an established crypto interest account giant and an…
GourdLords is an Ethereum-based collection of 10,000 randomly generated ERC-721. Each GourdLords NFT by the Magic Collective studio is unique and randomly generated from over 150 hand-drawn assets across six traits. These traits include: 14 Backgrounds 42 Head and Expression Combos 42 Artifacts 19 Wardrobes 36 Hats The GourdLords world borrows from aspects of fantasy,…
ABOUT THE AUTHOR
ABOUT THE AUTHOR
Colin is a freelance writer and crypto-enthusiast based in Nashville, TN. When he’s not speculating crypto futures, he’s probably letting his hair down and/or heading to a music festival–because stereotypes exist for a reason.