Obfuscated Coinhive Shortlink Exploited by Hackers to Mine Cryptocurrencies

0
78

Security experts reported that instead of injecting the CoinHive JavaScript miner straight into compromised websites, hackers leverage an alternative scheme to mine cryptocurrencies.

Additionally, CoinHive provides an “URL shortener” service letting users create a short link for any URL with. The difference with the similar services is that this one introduces a delay so that it can mine Monero cryptocurrency for an interval of time before redirecting users to the original URL.

As the redirection time is adjustable via CoinHive’s settings, the crooks can force visitors’ web browsers to mine cryptocurrency for a longer period.

Security researchers found that numerous legitimate websites have been hacked by attackers to load short URLs generated using the CoinHive service through a hidden HTML iFrame. By doing so, the crooks attempted to force visitors’ browsers into mining cryptocurrencies.

Due to the fact that it doesn’t leverage on the injection of CoinHive’s JavaScript in the compromised websites, the alternative mining scheme appears to be a novelty in the threat landscape.

The security experts linked this last campaign to a malware campaign registered by Sucuri researchers in May, this year.

Hackers add an obfuscated javascript code into the compromised websites, and this code is used to dynamically injects an invisible iframe (1×1 pixel) into the webpage once it’s loaded on the web browser. Then, the webpage automatically starts mining cryptocurrency until the CoinHive short-link service redirects the user to the original URL.

In addition, the crooks inject hyperlinks to other compromised websites to manipulate victims to download cryptocurrency miners for desktops disguised as legitimate software.

“In this campaign, we see infrastructure used to push an XMRig miner onto users by tricking them into downloading files they were searching for online,” the security experts say.

“In the meantime, hacked servers are instructed to download and run a Linux miner, generating profits for the perpetrators but incurring costs for their owners.”

SHARE
Nelly Vladimirova
Nelly Vladimirova has been working as a journalist since 1998 with a main focus on Finance, Economics, and IT. In 2004 she graduated the University of Plovdiv, Bulgaria, as a Bachelor in English Philology and Master in Linguistics and Translation. Later, Nelly received a postgraduate certificate in Business Management from Scott's College, UK. Presently, she is presenting the latest news related to computer security at www.virusguides.com.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Time limit is exhausted. Please reload CAPTCHA.