Hacked Websites Mine Cryptocurrencies

[monkeymagick]

With the popularity of cryptocurrencies on the rise and value increasing, A current trend is injecting some malicious code into websites by unscrupulous webmasters and blackhats using JavaScript cryptocurrency miners. Sucuri blog takes a look into one of the more popular platforms being used, CoinHive which has been stealing precious cpu cycles from unsuspecting website visitors.

While the cryptocurrency miners for websites is a very new thing, there is nothing new in approaches that hackers use to abuse it. If something can be installed on a web site and monetized, hackers will do it on websites they compromise. Thus one of the best security practices for webmasters is to monitor integrity of their sites.

 

[BulletDust]

I read somewhere that apparently Adblock Plus is blocking these miners. I simply add the address of the miner to my hosts file and point it at local host.

 

[B00nie]

Much easier to block javascript unless exception added. Not to mention safer.

 

[Nenu]

I disable scripting unless absolutely necessary.
I also browse in a sandbox with limited permissions.
They can try

 

[ob1]

I typically run task manager on my 2nd monitor, (other stuff too like temps, evga thingy, etc), so I had seen some of these pop up from TPB recently and thought it was a problem with firefox. I think this will become more prevalent, even moving beyond mining into other stuff. I just hope the ads don't figure out a way to exploit these abilities...

 

[Poseur]

I agree with the commentator on the original story. If the user had a control to limit the amount of CPU and GPU load, I'd prefer this much more than actual ads. The websites get a tiny fraction of money and the user experience improves. Maybe we need a separate plug-in for this. Donate 10 million CPU cycles per page or something with a slider control. Uses less bandwidth too.