The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: cryptocurrency miner

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down

February 28, 2019Wang Wei
Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites . For a brief recap: In recent years, cybercriminals leveraged every possible web vulnerability [in Drupal , WordPress , and others ] to hack thousands of websites and wireless routers , and then modified them to secretly inject Coinhive's JavaScript-based Monero (XMR) cryptocurrency mining script on web-pages to financially benefit themselves. Millions of online users who visited those hacked websites immediately had their computers' processing power hijacked, also known as cryptojacking , to mine cryptocurrency without users' knowledge, potentially generating profits for cybercriminals in the background.
CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites

CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites

July 04, 2018Wang Wei
Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites. Coinhive is a popular browser-based service that offers website owners to embed JavaScript code that utilizes their website visitors' CPUs power in order to mine the Monero cryptocurrency for monetization. However, since its inception, mid-2017, cybercriminals have been abusing the service to illegally make money by injecting their own version of CoinHive JavaScript code to a large number of hacked websites, eventually tricking their millions of visitors into unknowingly mine Monero coins. Since a lot of web application security firms and antivirus companies have now updated their products to detect unauthorized injection of CoinHive JavaScript, cybercriminals have now started abusing a different service from CoinHive to achieve the same. Hackers
Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners

Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners

April 18, 2018Mohit Kumar
The Drupal vulnerability (CVE-2018-7600), dubbed Drupalgeddon2 that could allow attackers to completely take over vulnerable websites has now been exploited in the wild to deliver malware backdoors and cryptocurrency miners. Drupalgeddon2, a highly critical remote code execution vulnerability discovered two weeks ago in Drupal content management system software, was recently patched by the company without releasing its technical details. However, just a day after security researchers at Check Point and Dofinity published complete details, a Drupalgeddon2 proof-of-concept (PoC) exploit code was made widely available, and large-scale Internet scanning and exploitation attempts followed. At the time, no incident of targets being hacked was reported, but over the weekend, several security firms noticed that attackers have now started exploiting the vulnerability to install cryptocurrency miner and other malware on vulnerable websites. The SANS Internet Storm Center spotted so
600 Powerful Bitcoin-Mining Computers Worth $2 Million Stolen In Iceland

600 Powerful Bitcoin-Mining Computers Worth $2 Million Stolen In Iceland

March 05, 2018Swati Khandelwal
Around 600 powerful devices specifically designed for mining bitcoin and other cryptocurrencies have been stolen from Icelandic data centers in what has been dubbed the "Big Bitcoin Heist." To make a profit, so far criminals have hacked cryptocurrency exchanges , spread mining malware , and ransomware —and even kidnapped cryptocurrency investors for ransom and tried to rob a bitcoin exchange , but now the greed has reached another level. The powerful computers are estimated to be worth around $2 million, Associated Press reports , and are used to generate cryptocurrency that at the time of this writing are worth $11,500 each. The theft, which took place between late December and early January, is one of the biggest series of robberies Iceland has ever experienced, according to law enforcement. "This is grand theft on a scale unseen before," said Police Commissioner Olafur Helgi Kjartansson of the southwestern Reykjanes peninsula. There were four differe
Nearly 2000 WordPress Websites Infected with a Keylogger

Nearly 2000 WordPress Websites Infected with a Keylogger

January 29, 2018Swati Khandelwal
More than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors' computers to mine digital currencies but also logs visitors' every keystroke. Security researchers at Sucuri discovered a malicious campaign that infects WordPress websites with a malicious script that delivers an in-browser cryptocurrency miner from CoinHive and a keylogger. Coinhive is a popular browser-based service that offers website owners to embed a JavaScript to utilise CPUs power of their website visitors in an effort to mine the Monero cryptocurrency. Sucuri researchers said the threat actors behind this new campaign is the same one who infected more than 5,400 Wordpress websites last month since both campaigns used keylogger/cryptocurrency malware called cloudflare[.]solutions. Spotted in April last year, Cloudflare[.]solutions is cryptocurrency mining malware and is not at all related to network
Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser

Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser

November 30, 2017Swati Khandelwal
Some websites have found using a simple yet effective technique to keep their cryptocurrency mining javascript secretly running in the background even when you close your web browser. Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor's PC to mine Bitcoin or other cryptocurrencies. After the world's most popular torrent download website, The Pirate Bay , caught secretly  using Coinhive , a browser-based cryptocurrency miner service, on its site last month, thousands of other websites also started using the service as an alternative monetization model to banner ads. However, websites using such crypto-miner services can mine cryptocurrencies as long as you're on their site. Once you close the browser window, they lost access to your processor and associated resources, which eventually stops mining. Un
D-Link MEA Site Caught Running Cryptocurrency Mining Script—Or Was It Hacked?

D-Link MEA Site Caught Running Cryptocurrency Mining Script—Or Was It Hacked?

November 01, 2017Wang Wei
Last month the popular torrent website The Pirate Bay caused some uproar by adding a Javascript-based cryptocurrency miner to its site with no opt-out option, utilizing visitors' CPU power to mine Monero coins in an attempt to gain an extra source of revenue. Now D-Link has been caught doing the same, although there's high chance that its website has been hacked. D-Link's official website for Middle East (www.dlinkmea.com) has been found secretly adding a JavaScript-based cryptocurrency miner, according to a blog post published by security firm Seekurity on Tuesday. Seekurity team was made aware of the issue after Facebook user Ahmed Samir reported that visiting on D-Link Middle East website caused his web browser utilizing a "super high CPU" power usage. As shown in the screenshot below, a separate domain was loaded using a hidden iFrame for each page view, which included the cryptocurrency mining script. Five days after Seekurity team reported th
Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites

Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites

October 25, 2017Mohit Kumar
When yesterday I was reporting about the sudden outbreak of another global ransomware attack ' Bad Rabbit ,' I thought what could be worse than this? Then late last night I got my answer with a notification that Coinhive has been hacked — a popular browser-based service that offers website owners to embed a JavaScript to utilise their site visitors' CPUs power to mine the Monero cryptocurrency for monetisation. Reportedly an unknown hacker managed to hijack Coinhive's CloudFlare account that allowed him/her to modify its DNS servers and replace Coinhive's official JavaScript code embedded into thousands of websites with a malicious version. https://coin-hive[.]com/lib/coinhive.min.js Hacker Reused Leaked Password from 2014 Data Breach Apparently, hacker reused an old password to access Coinhive's CloudFlare account that was leaked in the Kickstarter data breach in 2014. "Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provi
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.