Wednesday 25 October 2017

Hackers hijack Coinhive cryptocurrency miner through an old password

source: zdnet.com by Charlie Osborne
Yet another lesson in how not to secure your network.
Coinhive has admitted to a security breach leading to hackers hijacking cryptocurrency mining scripts on legitimate websites.
The cryptocurrency mining software provider said this week that at approximately 10 pm GMT on Monday, the firm received a note from its DNS provider, Cloudflare, which warned Coinhive that its account had been accessed by a threat actor.
The DNS records for coinhive.com had been manipulated to redirect requests for coinhive.min.js to a third-party server, containing a modified version of the JavaScript file with a hardcoded site key.
The Coinhive JavaScript is embedded by users into their websites as a way to mine for the cryptocurrency Monero, but the attackers were able to hijack this script to ensure mined funds entered a wallet they controlled rather than user wallets.
"This essentially let the attacker 'steal' hashes from our users," Coinhive says.
The script used to implement cryptocurrency miners in website domains is a new, albeit controversial, idea.
Mining for virtual currency is being examined as an alternative to third-party ads as a way to generate revenue and it was the Pirate Bay's pilot trial which propelled the idea into the spotlight.
Due to a coding error, users spotted the website's miner as it pulled huge amounts of CPU power from visitor systems, rather than 20 to 30 percent as originally intended.
Following visitor backlash, the Pirate Bay admitted to testing the miner as a "way to get rid of all the ads."
Other parties have begun exploring mining, too. According to a report from Adguard, 2.2 percent of the top 100,000 websites on the Alexa list are now mining through user PCs -- but few are asking for permission first.
Coinhive miners are currently stopped from operating by many adblockers, but for websites using the software to generate cash, losing their hashes would likely be met with annoyance.
