SHOCKER - Coinhive URL Shortener Used for Crypto Mining Attacks

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
53,303
Security researches at Securi have identified hundreds of websites that have been utilizing the Coinhive URL shortener to mine cryptocurrency on unsuspecting user devices. What is the Coinhive URL shortener? I'm glad you asked. Coinhive describes it as this: “If you have an URL you’d like to forward your users to, you can create a cnhv.co shortlink to it. The user has to solves[sic] a number of hashes (adjustable by you) and is automatically forwarded to the target URL afterwards.”


In the URL shortener's intended form, end users would then be presented with a progress bar showing that Coinhive is now solving hashes on their device.

The plot thickens. Some denizens of cyberspace with less than scrupulous intentions (certain website owners / cyber criminals) have found a way to load the progress bar in an IFrame that sports an area of 1 pixel by 1 pixel with zero interaction from the end user. Essentially, the IFrame loads as a 1x1 pixel, no one sees the notification, resource usage jumps to 100%, and BAM! Someone else is making money at your expense. A list of some of the websites identified can be found here. Thanks to SCHTASK for the link and the story.
 
  • Like
Reactions: Aenra
like this

Aenra

Limp Gawd
Joined
Apr 15, 2017
Messages
191
I love the dripping irony, it just oozes off the screen. Deservedly so if i may say so. Don't stop writing in such a manner.

/glee

(my favorite so far is "Lisa Su speaks English". Just.. priceless)
 

BloodyIron

2[H]4U
Joined
Jul 11, 2005
Messages
3,439
This isn't going to be the last of this. I'm already envisioning further ways to abuse this... Hmmm... Maybe I'm in the wrong line of work...
 

Spidey329

[H]F Junkie
Joined
Dec 15, 2003
Messages
8,683
When will someone develop a counter-attack that has the server you're visiting mine for you while you're visiting?

That'd be a complex attack and have to exploit a serious vulnerability. It'd be more likely on services that allow you to execute code from the browser, such as online PHP/Python testers, since those take input from the user and execute in the backend. Problem is, the execution time is short, so you'd have to figure out a way to spawn another thread.


On a side note, I know someone who at one point was using the Amazon free tier to mine crypto, albeit slowly.
 

>GSXR<mrbusa

Weaksauce
Joined
Dec 13, 2005
Messages
121
I do not find it any more mischievous than many pay walls that get a user in the door and then slam it shut. Then there are the layered annoyances that are enabled on the list site this article references.
 
Top