2Likes
LinkBack URL
About LinkBacks
The number of websites injecting visitors’ computers with JavaScript code that is used to mine for cryptocurrency is rapidly growing, according to new research detecting nearly 1,000 sites now partaking in the practice.
Security firm RiskIQ Inc. today said it made the discovery, finding 991 domains using code from Coin Hive. That company provides the service that sees the computing resources of website visitors used to mine for Monero, a cryptocurrency that competes with bitcoin and Ethereum.
The practice of using JavaScript injections for cryptomining first came to public attention two weeks ago when The Pirate Bay was detected using the code on some pages. Ostensibly it was for testing purposes, though the site said it was considering using the script as an alternative to displaying ads. The code was detected again this week on sites run by Showtime, the CBS Corp.-owned premium cable channel, although it’s not known if those sites were testing the code or if they had been hacked.
RiskIQ noted that implementation of the code is not always bad. Some sites ask permission from visitors to allow it to run, while others, like The Pirate Bay and Showtime, “are leveraging their users’ machines to collect Monero without their consent, degrading their experience with slower speeds in the process.”
The researchers added that at least with some installations of the cryptomining code, website owners may not be aware that it is present and it “could have found its way onto a site when public code was modified downstream,” which is another way of saying the sites were hacked.
The use of cryptominers on websites does present other risks, with the researchers noting that it gives opportunities to bad actors to create fake, illegitimate websites to siphon off money. “By leveraging domains or subdomains that appear to belong to major brands, these actors trick people to visiting their sites running the Coin Hive Monero mining script to monetize their content,” they added. “In the 991 domains we found, there were many examples of typo-squatting and domain infringement.”
There are a number of options available to users who are concerned about sites using the script. Ad blocker Adblock Plus added a block against cryptominers last week, and for Google Chrome users there is dedicated browser add-on called No Coin that also blocks the code.
Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker! HDBits.org, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!
Results 1 to 1 of 1
-
09-27-2017 #1Donor
- Reputation Points
- 855498
- Reputation Power
- 100
- Join Date
- Jan 2016
- Posts
- 32,787
- Time Online
- 640 d 20 h 33 m
- Avg. Time Online
- 5 h 6 m
- Mentioned
- 3337 Post(s)
- Quoted
- 917 Post(s)
- Liked
- 34147 times
- Feedbacks
- 115 (100%)
Nearly 1,000 websites found running cryptomining code that hijacks computers
Reply With QuoteLinkBacks (?)
-
09-27-2017, 06:15 AM
-
09-27-2017, 06:15 AM
