Cybercriminals added crypto mining scripts to hacked websites

Posted 27 October 2017 14:58 CEST by Jan Willem Aldershoff

Hackers have added scripts to hacked websites to mine cryptocurrencies. This way computers of unsuspecting visitors were abused to generate revenue for the cyber criminals. For users this can result in decreased performance of the computer or higher than expected electricity bills.

Security company Wordfence discovered that cryptocurrency mining scripts were silently added to several hacked Joomla and WordPress websites. In these cases the mining software was the popular Coin Hive script. Coin Hive runs in the browser and mines the anonymous cryptocurrency Monero by performing CPU intensive cryptographic calculations.

The hackers were able to access the Joomla and WordPress websites through known vulnerabilities that weren’t patched by the website administrators. Also compromised FTP and administrator accounts were used.

According to Wordfence the hackers gained access to only a handful of websites and the attackers was fairly unsophisticated but given the easy profit from scripts like Coin Hive, the company expects that similar attacks will become more and more popular. Wordfence estimates that when 1,000 would be mining in the browser, it would make cybercriminals about $2,400 a month.

Currently most antivirus products either first ask permission before it executes Coin Hive, or products block the script by default.

Recently also The Pirate Bay was in the news as it also added the Coin Hive script to its website, causing uproar amongst users.

Related content