What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-…

Over the past few months there has been an alarming rise in the number of websites running code that silently joyrides computers and secretly makes them mine digital currency for miscreants.

The latest count suggests more than 30,000 sites are quietly running JavaScript miners on people’s PCs and handhelds – way more thanpreviously thought.

An analysis , published this month by infosec guru Troy Mursch, revealed that the vast majority of coin-mining code came from Coin Hive, the freely available JavaScript code developed to mine Monero. It appears the scripts were slipped into most, but not all, webpages covertly by hackers and other miscreants. In all, Mursch found 30,611 sites on the web running Coin Hive’s JavaScript to effectively cryptojack machines into digging up digital dosh for shady netizens.

For example, DNS provider ZoneEdit was running Coin Hive code on 324 parked web domains: on Monday this week, the biz coughed up to the sneaky inclusion and removed the code. Las Vegas ladies of the night were also mining crypto-currency on punters’ PCs. A Colombian government agency’s site was also hijacked to covertly craft coins. A parody website was even created to “warm” your MacBook as winter approaches: obviously, it was running a miner.

Let’s get ready to grumble! UFC secretly choke slams browsers with Monero miners


While a few sites chose to deliberately run Coin Hive – such as ZoneEdit and the Pirate Bay – the number of websites unwittingly running the code, inserted by persons unknown, is much higher. We’ve already seen organizations fromUFC toCBS Showtime running Coin Hive inadvertently, and this latest scan shows Papa John’s Pizza in Mexico and the US National Association of Doctors are harvesting Monero, neither of which are likely to have installed it deliberately. Papa John’s in Ecuadorwas also pwned to run Coin Hive code on its site.

In addition it appears that many of these mining operations are being run by one person. Mursch found that one “Mohammad Khezri” of Iran seems to be controlling a vast number of mining operations spread across many domains to maximize returns.

Naturally not many people are wild about contributing their power and CPU cycles to make other people money, and security software and some ad blockers actively shut down Coin Hive’s code when it is loaded into browsers. The miner’s programmers are fine with that, and have stopped developing the software in favor of AuthedMine , which asks permission before getting mining – however, the original sneaky code is still the go-to miner of choice for online crims.

The best of the rest

There are alternatives, such as JSECoin .

“Coin Hive is not the only JavaScript miner available for cryptojacking use,” Mursch said. “Many competitors have popped up in its wake. Using PublicWWW, I found JSECoin was in a distant second place behind Coin Hive on 905 websites.”

In the meantime, Mursch has put in a request to Google engineers to add some kind of blocking code into Chrome that can block coin miners. While there’s nothing wrong with informed use of coin mining software – it is supposed to be an alternative way for webmasters to earn money besides adverts – the quickly increasing scale of the problem suggests that such blocking measures will have to be taken in browsers to curb the menace of these CPU-cycle thieves. ®

Sponsored: The Joy and Pain of Buying IT – Have Your Say

The Register稿源:The Register (源链) | 关于 | 阅读提示

本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。
酷辣虫 » 前端开发 » What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-…

喜欢 (0)or分享给?

专业 x 专注 x 聚合 x 分享 CC BY-NC-SA 4.0

使用声明 | 英豪名录