Tag Archives: Monero

How Hacked Widgets Help Criminals Mine Monero

Covert cryptocurrency mining is shaping up to be the new mainstay of cybercrime. Crooks hack servers, personal computers, and mobile devices and take advantage of the infected hosts’ CPU or GPU to generate virtual coins without victims’ awareness. Even botnets consisting of numerous zombie machines are now used to perpetrate illegal mining activity on a large scale rather than spew out spam or hit online services with DDoS attacks.

This malicious moneymaking vector got a boost with the emergence of in-browser mining scripts, such as Coinhive. The following incidents that took place recently illustrate how serious this issue is becoming and how booby-trapped website widgets play into threat actors’ hands.

A massive cryptojacking wave took root on February 11, 2018, exploiting a popular widget called BrowseAloud. The malefactors were able to inject a surreptitious Monero miner into more than 4,200 Internet resources, including high-profile ones like the UK, U.S., and Australian government websites. In the aftermath of this compromise, the malicious script harnessed the processing power of visitors’ machines to mine cryptocurrency behind the scenes.

For the record, BrowseAloud is a tool by Texthelp Ltd. designed to enhance website accessibility for broader audiences via speech, reading and translation features. By adding this widget to sites, webmasters make sure people with dyslexia, visual disorders and poor English skills can participate and use their services to the fullest. Furthermore, the software helps site owners comply with various legal obligations, so no wonder it is widely used across the world and has become hackers’ target.

Reference: https://www.ccn.com/hacked-widgets-help-criminals-mine-monero/

News Outlet Salon is Mining Monero as an Alternate Revenue Source

Salon is the latest company to utilize CoinHive’s Monero mining script on their website. On Sunday, when readers utilizing ad-blockers visited popular news site Salon, they were faced with an interesting choice, foreign to the usual inquiry about disabling their ad-blocker. They could either disable their ad-blocker to continue to view content or opt-in to allow Salon to utilize their computer processing power to mine cryptocurrency. This is done using CoinHive’s embeddable script on their website, which is a JavaScript miner for Monero. In a blog post published the other day, Salon explains that diminishing ad revenue due to ad-blockers has led them to seek alternative means of monetizing their content. They also see the power in utilizing computer processing power over “reader’s eyeballs” for value-driven returns.

Reference: https://www.ccn.com/news-outlet-salon-mining-monero-alternate-revenue-source/

Hackers Injected Cryptocurrency Mining Malware

Earlier this week, hackers infiltrated Browsealoud, a free text-to-translation tool, and injected the Coinhive cryptocurrency mining malware script into the tool’s JavaScript codebase. Consequently, the estimated 4,275 websites using Browsealoud — including some operated by government agencies in the US and UK — became unwitting pawns in a cryptocurrency mining malware gambit, believed to be the largest-scale attack of its kind. When users visited the website, the Coinhive mining script automatically began harnessing the visitor’s computer processing power to mine anonymity-centric cryptocurrency Monero. However, perhaps due to the massive scale of the breach — and the fact that it targeted prominent government websites — the exploit was quickly discovered, and by the end of the day, Browsealoud creator Texthelp had suspended the service.

Reference: https://www.ccn.com/hackers-injected-cryptocurrency-mining-malware-into-4275-government-websites-they-only-made-24/

Salon Offers Readers Choice Between Ads and Mining Monero

Digital media publication Salon is offering its visitors an alternative to traditional online ads: allowing the site to use their computer processing power to mine cryptocurrency. In order to provide free content, Salon primarily depended on advertisements to run its servers, the company explained in a blog post published on Monday. However, digital ads are insufficient to fully pay for most media outlets – the site noted that ad revenue fell $40 billion from 1999 to 2010 – and Salon, in particular, has decided to offer users a new option to pay for content.

Reference: https://www.coindesk.com/salon-offers-users-choice-between-ads-and-mining-monero/

Katy Perry has joined the crypto craze

Perry’s nails are now decorated with 3D images of five cryptocurrencies superimposed over a background of US dollar bills: the currencies are Bitcoin, Ethereum, Litecoin, Stellar and Monero. The singer did not disclose the reasons behind her selection.

The post – captioned “$—CrYpTo ClAwS—$” – has managed to amass over 150,000 likes.

Perry has also tagged the Instagram accounts of all five cryptocurrencies – ethereum_updates, litecoinofficial, bit, stellarlumens and moneroofficial.

Reference:
https://cointelegraph.com/news/katy-perry-posts-her-new-crypto-claws-on-instagram