- Joined
- Feb 21, 2013
- Messages
- 10,459
- Reaction score
- 13,850
after the bad rabbit ransomeware attack
here:Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe
the latest is this
a popular browser-based service that offers website owners to embed a JavaScript to utilise their site visitors' CPUs power to mine the Monero cryptocurrency for monetisation.
Reportedly an unknown hacker managed to hijack Coinhive's CloudFlare account that allowed him/her to modify its DNS servers and replace Coinhive's official JavaScript code embedded into thousands of websites with a malicious version.
Apparently, hacker reused an old password to access Coinhive's CloudFlare account that was leaked in 2014
Coinhive gained media attention in past few weeks after The Pirate Bay, was caught secretly using this browser-based cryptocurrency miner on its site.
Immediately after that thousands of other websites also started using Coinhive as an alternative monetisation model by utilising their visitors' CPU processing power to mine digital currencies.
Even hackers are also using Coinhive like services to make money from compromised websites by injecting a script secretly.
How to Block Websites From Hijacking Your CPU to Mine Cryptocoins
Due to concerns mentioned above, some Antivirus products, including Malwarebytes and Kaspersky, have also started blocking Coinhive script to prevent their customers from unauthorised mining and extensive CPU usage.
You can also install, No coin Or Minerblock small open source browser extensions (plug-ins) that block coin miners such as Coinhive.
No Coin
minerBlock
here:Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe
the latest is this
a popular browser-based service that offers website owners to embed a JavaScript to utilise their site visitors' CPUs power to mine the Monero cryptocurrency for monetisation.
Reportedly an unknown hacker managed to hijack Coinhive's CloudFlare account that allowed him/her to modify its DNS servers and replace Coinhive's official JavaScript code embedded into thousands of websites with a malicious version.
Apparently, hacker reused an old password to access Coinhive's CloudFlare account that was leaked in 2014
"Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server." Coinhive said in a blog post today."This third-party server hosted a modified version of the JavaScript file with a hardcoded site key."
As a result, thousands of sites using coinhive script were tricked for at least six hours into loading a modified code that mined Monero cryptocurrency for the hacker rather than the actual site owners."We have learned hard lessons about security and used 2FA [Two-factor authentication] and unique passwords for all services since, but we neglected to update our years old Cloudflare account."
Your Web-Browsers Could Be Mining Cryptocurrencies Secretly for StrangersCoinhive gained media attention in past few weeks after The Pirate Bay, was caught secretly using this browser-based cryptocurrency miner on its site.
Immediately after that thousands of other websites also started using Coinhive as an alternative monetisation model by utilising their visitors' CPU processing power to mine digital currencies.
Even hackers are also using Coinhive like services to make money from compromised websites by injecting a script secretly.
How to Block Websites From Hijacking Your CPU to Mine Cryptocoins
Due to concerns mentioned above, some Antivirus products, including Malwarebytes and Kaspersky, have also started blocking Coinhive script to prevent their customers from unauthorised mining and extensive CPU usage.
You can also install, No coin Or Minerblock small open source browser extensions (plug-ins) that block coin miners such as Coinhive.
No Coin
minerBlock
