If you think back to last year, Coinhive was everywhere. The service offered any website an arguably legitimate way of generating income that didn’t rely upon online adverts.
Predictably, criminals saw an obvious opportunity to make money. They took advantage of sloppy security, hacking websites to earn an easy crust.
In one infamous case, thousands of government websites in the UK and United States — including the Information Commissioner’s Office (ICO) and USCourts.gov — were simultaneously hijacked to run Coinhive cryptomining code by hackers who had managed to poison a popular accessibility plugin called “BrowseAloud.”
Malicious hackers also used Coinhive’s code to cryptojack hundreds of thousands of unpatched IoT devices.
Although traditional ads were unpopular with web surfers, few consumers felt okay about a browser cryptominer running in the background. After all, it was their computer’s CPU power and resources that were being used to line the pockets of others, and if the website or cryptojacker was greedy, it would be all too obvious that something odd was afoot through the rising fan noise.
It didn’t take long for security products and browser plugins to begin to warn users of the existence of cryptomining code on a webpage. Some even blocked it the same way one might block an unwanted banner ad.
One of the reasons why Coinhive (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/coinhive-browser-cryptomining-service-dead/