Cryptojacking in the post-Coinhive era

September 2017 is widely recognized as the month in which the phenomenon that became cryptojacking began. The idea that website owners could monetize their traffic by having visitors mine for cryptocurrencies in their browser was not new, but this time around it became mainstream, thanks to an entity known as Coinhive. The mining service became a household name overnight, and quickly drew ire … [Read more...]

Fake browser update seeks to compromise more MikroTik routers

This blog post was authored by @hasherezade and Jérôme Segura. MikroTik, a Latvian company that makes routers and ISP wireless systems, has been dealing with several vulnerabilities affecting its products’ operating system over the past few months. Ever since a critical flaw in RouterOS was identified in late April 2018, attacks have been going on at an alarming rate, made worse when … [Read more...]

Obfuscated Coinhive shortlink reveals larger mining operation

During the past several months, in-browser mining has continued to affect a large number of websites, predominantly relying on Coinhive’s infamous API. We documented several campaigns on this blog, in particular Drupalgeddon, where attackers are taking advantage of vulnerabilities in popular Content Management Systems (CMS) to compromise websites and push payloads both client- and … [Read more...]

Malicious cryptomining and the blacklist conundrum

When Coinhive first came out in September of 2017, it was fairly easy to identify websites using browser miners by looking for a few lines referencing the Coinhive API within the HTML source code. Because this was a new phenomenon, even bad actors didn’t have to hide their intentions, and collecting statistics was a fairly straightforward and accurate process. But as ad blockers and security … [Read more...]

The state of malicious cryptomining

While cryptocurrencies have been around for a long time and used for legitimate purposes, online criminals have certainly tarnished their reputation. Unfortunately, the same benefits offered by these decentralized and somewhat anonymous digital currencies were quickly abused to extort money, as was the case during the various ransomware outbreaks we’ve witnessed in the last few years. As the value … [Read more...]

Deepfakes FakeApp tool (briefly) includes cryptominer

A few weeks ago, we took a look at a forum dedicated to Deepfake clips where the site was pushing Coinhive mining scripts in the website’s HTML code. As it turns out, there’s been another mining blow-out in the form of one of the apps used to make the fakes. That’s right—a tool designed to push CPU/GPU hard in order to create movie files also wanted you to push the GPU that much … [Read more...]

Drive-by download campaign targets Chinese websites, experiments with exploits

During our web crawls we sometimes come across bizarre findings or patterns we haven’t seen before. This was the case with a particular drive-by download attack planted on Chinese websites. While by no means advanced (it turned out to be fairly buggy), we witnessed a threat actor experimenting with several different exploits to drop malware. For years we have cataloged thousands of Chinese … [Read more...]

Drive-by cryptomining campaign targets millions of Android users

Malvertising and online fraud through forced redirects and Trojanized apps—to cite the two most common examples—are increasingly plaguing Android users. In many cases, this is made worse by the fact that people often don’t use web filtering or security applications on their mobile devices. A particular group is seizing this opportunity to deliver one of the most lucrative payloads at the … [Read more...]

Bank robbers 2.0: digital thievery and stolen cryptocoins

Imagine running down the street (and away from law enforcement) with 2,000 pounds of gold bars. Or 1,450 pounds in $100 bills. With both of these physical currencies amounting to roughly US$64 million, you’d be making quite a steal…if you could get away with it. That’s exactly what the next generation of thieves—bank robbers 2.0—did in December 2017, when they stole more than $60 … [Read more...]