When yesterday I was reporting about the sudden outbreak of another global ransomware attack ‘Bad Rabbit,’ I thought what could be worse than this?
Hacker Reused Leaked Password from 2014 Data Breach
Apparently, hacker reused an old password to access Coinhive’s CloudFlare account that was leaked in the Kickstarter data breach in 2014.
“Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server.” Coinhive said in a blog post today.
As a result, thousands of sites using coinhive script were tricked for at least six hours into loading a modified code that mined Monero cryptocurrency for the hacker rather than the actual site owners.
“We have learned hard lessons about security and used 2FA [Two-factor authentication] and unique passwords for all services since, but we neglected to update our years old Cloudflare account.”
Your Web-Browsers Could Be Mining Cryptocurrencies Secretly for Strangers
Coinhive gained media attention in last weeks after world’s popular torrent download website, The Pirate Bay, caught secretly using this browser-based cryptocurrency miner on its site.
Immediately after that more than thousands of other websites also started using Coinhive as an alternative monetisation model by utilising their visitors’ CPU processing power to mine digital currencies.
Even hackers are also using Coinhive like services to make money from compromised websites by injecting a script secretly.
Well, now the company is also looking ways to reimburse its users for the lost revenue due to breach.
How to Block Websites From Hijacking Your CPU to Mine Cryptocoins
Due to concerns mentioned above Antivirus products, including Malwarebytes and Kaspersky, have also started blocking Coinhive script to prevent their customers from unauthorised mining and extensive CPU usage.
- jQuery Official Blog Hacked — Stay Calm, Library is Safe!
- Nearly 2000 WordPress Websites Infected with a Keylogger
- CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites
- D-Link MEA Site Caught Running Cryptocurrency Mining Script—Or Was It Hacked?
- Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser