Several months ago, reports surfaced claiming that CBS-owned Showtime was allegedly accessing the processors of PCs visiting two of its websites to secretly mine virtual coins. The process is called “cryptojacking,” and relies on code embedded in a website that silently runs mining software within the visitor’s browser. It’s a growing problem, and a recent report indicates that it’s even spreading across legitimate ecommerce sites, generating virtual money in the background while you spend real-world cash.
But in a report provided by independent security researcher Willem de Groot, he found at least 2,496 online stores running CoinHive in the background. Even more, 80 percent of these online shops were likely not running the mining software on purpose, as he discovered they were also infected with malware that steals payment information during transactions, also known as “payment skimming.”
Groot also notes that out of the 2,496 infected ecommerce sites, 85 percent were linked to a mere two CoinHive accounts, and the remaining 15 percent were connected to multiple unique accounts linked to the ecommerce companies. Groot believes that the bulk of the infected sites are running outdated ecommerce software with well-known software vulnerabilities, enabling hackers to inject these sites with CoinHive and payment skimming malware.
“Some sites bluntly include the official coinhive.js file, others are more stealthy,” he reports. “Others disguise as Sucuri Firewall.”
To prevent sites from hijacking your processor for digital coin mining, you can use stand-alone software with a built-in ad-blocker, or install a similar plugin within the browser. Another method is to edit the “hosts” file located in the “windows\system32\drivers\etc” directory with Notepad to add “coin-hive.com” and “coinhive.com” on the blocked list.