Hackers Injecting Coinhive Short URLs into Hacked Sites
According to security researchers at Malwarebytes, a large number of legitimate websites have been hacked to load short URLs unknowingly, generated using CoinHive, inside a hidden HTML iFrame in an attempt to force visitors' browsers into mining cryptocurrencies for attackers.
Malwarebytes researchers believe that the hacked websites they discovered are part of the same ongoing malicious campaign uncovered by Sucuri researchers.
Discover the Hidden Dangers of Third-Party SaaS Apps
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
Since the URL shortener loads using the hidden iFrame is invisible, noticing it on a web page will be quite difficult. The infected webpage then automatically starts mining until the Coinhive short-link service redirects the user to the original URL.
"Indeed, while Coinhive's default setting is set to 1024 hashes, this one requires 3,712,000 before loading the destination URL," said Jérôme Segura, a security researcher at Malwarebytes.Moreover, once the required number of hashes have been achieved, the link behind the short-URLs further redirects the user back to the same page in an attempt to start the mining process once again, where the site visitor would trick into thinking that the web page has only been refreshed.
Crooks Also Attempts to Turns Your PC into Crypto-Mining Slave
Besides the hidden iFrame, researchers have found that cybercriminals are also injecting hyperlinks to other hacked websites in order to trick victims into downloading malicious cryptocurrency mining malware for desktops disguises as legitimate versions of the software.
"In this campaign, we see infrastructure used to push an XMRig miner onto users by tricking them into downloading files they were searching for online," researchers said.
"In the meantime, hacked servers are instructed to download and run a Linux miner, generating profits for the perpetrators but incurring costs for their owners."The best way to protect yourself from the illegal in-browser cryptocurrency mining is to use a browser extension, like minerBlock and No Coin, that are specifically designed to block popular mining services from utilizing your computer resources.