- February 15, 2018
- Posted by: admin
- Category: IT Security
Coinhive injection attacks can often bypass antivirus detection.
The Heimdal Security team has been monitoring the Coinhive malware over the past months. The recent information about Coinhive website injections is just the tip of the iceberg. Users are also highly exposed to the threat reaching their computers directly.
Thousands of government websites, including the NHS, have fallen victim to script injections. Users visiting them have had their CPUs hijacked to mine the Monero currency for cybercriminals.
The intention behind Coinhive was originally positive, aiming to give content creators another stream of revenue.
“Our threat intelligence shows that these types of integrations have already happened. The problem is magnitudes larger than currently reported, especially because the script can be embedded into Internet Explorer. Users who are exposed via websites have only a limited mining window while the session is active. However, if run locally on the endpoint, the browser poses no such restrictions. Our intelligence shows that about 2% of corporate and consumer PCs are trying to connect to the servers – that’s a high number and there needs to be more awareness drawn to these issues,” added Morten Kjaersgaard.
More information is available at https://heimdalsecurity.com/blog/coinhive-injections-threaten-users/