WordPress Sites exploited by Coinhive Hackers for Cryptocurrency Mining

October 26, 2017 Arrunadayy Koul No comments exist

Do not have time to read full article and want this article in PDF format in your email.

Enter your Email Address

Last night I got a notification that Coinhive has been hacked — a popular browser-based service that offers website owners to embed a JavaScript to utilise their site visitors’ CPUs power to mine the Monero cryptocurrency for monetisation.

Reportedly an unknown hacker managed to hijack Coinhive’s CloudFlare account that allowed him/her to modify its DNS servers and replace Coinhive’s official JavaScript code embedded into thousands of websites with a malicious version.

https://coin-hive[.]com/lib/coinhive.min.js

How Hackers Got Access to Coinhive’s account

This hacker reused an old password to access Coinhive’s CloudFlare account that was leaked in 2014.

“Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server.” Coinhive said in a blog post today.

“This third-party server hosted a modified version of the JavaScript file with a hardcoded site key.”

As a result, thousands of sites using coinhive script were tricked for at least six hours into loading a modified code that mined Monero cryptocurrency for the hacker rather than the actual site owners.

“We have learned hard lessons about security and used 2FA [Two-factor authentication] and unique passwords for all services since, but we neglected to update our years old Cloudflare account.”

Your Web-Browsers May Be Mining Cryptocurrencies Quietly

Coinhive gained popularity in last weeks after world’s popular torrent download website, The Pirate Bay, caught secretly using this browser-based cryptocurrency miner on its site.

Immediately after that lot of other websites also started using Coinhive as an alternative monetisation model by utilising their visitors’ CPU processing power to mine digital currencies.

Even hackers are also using Coinhive like services to make money from compromised websites by injecting a script secretly.

Well, now the company is also looking ways to reimburse its users for the lost revenue due to breach.

How to Block Websites From Using Your CPU

Due to concerns as mentioned above, some Antivirus products have also started blocking Coinhive script to prevent their customers from unauthorised mining and extensive CPU usage.

Wordfence Coinhive Alert Image

For WordPress Website Owners WordFence Security Plugin blocks this Coinhive script and it also alerts website owners about this issue.

You can also install, No Coin Or minerBlock, open source browser extensions (plug-ins) that block coin miners.

If you liked this post, you might enjoy our newsletter. Receive new articles directly in your inbox:

Yes I agree to receive emails from Defenx Solution

Subscribe our Youtube Channel

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.