Naive CoinHive Injections
Denis Sinegubko Since CoinHive domain made it into many blacklists, attackers began avoiding linking to the hosted library file https://coinhive .com/lib/coinhive.min.js. Instead, they uploaded this file to…
Search Results
coinhive
20 posts
Cryptominers & WebAssembly in Website Malware
Cesar Anjos WebAssembly (also referred to as Wasm) is a binary instruction format that runs in the browser to enable high-performance applications on web pages and can…
Infected WordPress Site Reveals Malicious C&C Script
Krasimir Konov Bitcoin prices are down 60% year to date, trading far from the all-time highs of $69,000 seen last November. Some altcoins have plummeted even farther…
What is Cryptocurrency Mining Malware?
Stephen Johnston Cryptocurrency mining malware is typically a stealthy malware that farms the resources on a system (computers, smartphones, and other electronic devices connected to the internet)…
Hacked Website Threat Report – 2019
Rianna MacLeod The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop…
What is Cryptocurrency Mining Malware?
Brian Bautista Before we get into the details of “Cryptocurrency Mining Malware”, we need to understand first what cryptocurrency is and what miners are. What is Cryptocurrency?…
Malware Campaigns Sharing Network Resources: r00ts.ninja
Luke Leal We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign…
CoinImp Cryptominer and Fully Qualified Domain Names
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. “www.example.com”, where “www”…
JQuory: Cryptomining in Nulled Themes and Plugins.
Three months ago b>@ninoseki</b revealed a group of sites with cryptomining scripts inside jquory.js files (yes, jquory instead of jquery). Coinhive(“I2OG8vGGXjF7wMQgL37BhqG5aVPjcoQL”) is trigged by “jquory.js”.…
An Old Trick with a New Twist: Cryptomining Through Disguised URL Shorteners
As we have previously discussed on this blog, surreptitious cryptomining continues to be a problem as new methods emerge to both evade and hasten the…
GitHub Hosts Infostealers Part 2: Cryptominers and Credit Card Stealers
Update – March 28th, 2018: The fake Flash update files referenced in this post have been moved from GitHub to port.so[.]tl, and the bit.wo[.]tc script…