Even With Shutdown Of Coinhive, One Million Crypto-Jacking Attempts Are Thwarted Each Day By Malwarebytes
Crypto-jacking is just another in a long line of options that hackers can use to steal funds and information from unsuspecting entities. A crypto mining script called Coinhive was shut down earlier in 2019, but that does not mean that the jackers somehow went away too. In fact, there are still many devices that were infected with Coinhive’s software that are working hard to mine cryptocurrency under the radar, according to reports from The Next Web’s Hard Fork.
Malwarebytes, a cybersecurity firm, recently posted its own figures regarding crypto-jacking, reporting that over 200,000 requests to connect with the Coinhive network were issued right after the shutdown. The firm blocked these attempts, and the ongoing attempts have begun to dwindle. As of last week, the average has gone down to about 50,000 attempts daily. Malwarebytes has also been able to block over a million requests per day for crypto mining from CryptoLoot, which was one of Coinhive’s biggest competitors.
Over 400,000 MikroTik routers were reportedly infected by crypto-jacking scripts late last year. However, research this year shows that there are still many scammers that are trying to connect with the Coinhive network on a daily basis. Since Coinhive is out of service, the infected websites and routers are left with no way to connect and no way to mine cryptocurrency.
A new miner, WebMinePool, has started targeting the routers that were formerly infected by the scripts run by Coinhive, according to research from Malwarebytes.
With the figures, it looks like CryptoLoot is still very much a part of crypto-jacking work. Malwarebytes has continued to block the million requests that come in to connect with CryptoLoot daily for the last two months. The majority of these requests are from the United States, Canada, and Australia.
Jérôme Segura, Head of Threat Intelligence at Malwarebytes, said that crypto-jacking is much like a short-lived gold rush, considering that there are many opportunities for scammers that are more profitable. Web miners are not going anywhere soon, especially considering the traffic for certain websites. Instead, Segura believes that there will be new forms since the Q1 report calls crypto-jacking “essentially extinct.”
Multiple reports last month described a mining malware called Beapy, which targets institutions for illicit crypto mining. As these threats continue, tech companies have been getting better at providing protection for years. Mozilla, for example, has created a new protocol that basically blocks these types of scripts for users. Perhaps research companies will be able to examine how effective the protocols are as they deter these crypto miners.
To view the full blog from Malwarebytes, visit https://blog.malwarebytes.com/cybercrime/2019/05/cryptojacking-in-the-post-coinhive-era/.