Coinhive Cryptojacking

PC security researchers have uncovered tens of thousands of websites compromised with malware designed to use the victims' resources to mine crypto-currency. The Coinhive cryptojacking is one of the tactics that has been used to take over thousands of these websites to generate revenue at the expense of the computer users. Coinhive cryptojacking seems to be the most widespread of these tactics, accounting for more than 80 percent of all recorded infections involving these threats in the last month. There are more than 40,000 websites that have been affected by Coinhive cryptojacking, up from at least 30,000 that were observed in the Fall of 2017. Even legitimate websites, including public service and government website, may be running Coinhive in the background silently. To protect yourself from these attacks, it is easier to use an updated Web browser and a strong security product with real-time protection against unsafe software and scripts. Website administrators should ensure that their Web servers and pages are well protected, featured the latest security updates, have strong passwords and other security protections.

What is the Use of Coinhive Cryptojacking and Similar Tactics

Crypto-currency uses the computing power to generate revenue. The cybercriminals may often use bad scripts to hijack the victims' computers to mine crypto-currency. All that is necessary is a few lines of code to add scripts to a website that will attempt to use the visitors' and the websites' resources to mine coins and generate revenue for the attackers. Coinhive uses a code that is freely available on code repositories, which puts these attacks in the hands of anyone with the resources and ill-will to carry out them. Coinhive cryptojacking is not the only malware that uses this tactic, and there are other threats inspired by Coinhive or similar to this malware being used to carry out attacks on victims.

The Third Parties that Provide Coinhive Services

The attackers may be carrying Coinhive by hiring the services of a provider that will enable these attacks while saving the attackers many of the downsides of having to manage the logistics of the attacks. The crypto-currency industry and increased awareness of the public have meant that there are now several malware platforms emerging to carry out these attacks on unsuspecting computer users. Because of the increased prevalence of these services and resulting competition, there are even free platforms to help the cybercriminals carry out these attacks. Whether Coinhive attacks are legitimate or not is hotly contested since there is a viewpoint that these scripts could enable websites to monetize their content while moving away from the traditional advertisement model.

Estimating the Number of Websites that may be Affected by Coinhive Cryptojacking

Since there is public data related to Coinhive attacks, it is possible to find that the Coinhive attack has affected more than 500 websites easily, resulting in tens of thousands of affected computer users. Coinhive cryptojacking has the characteristics of an initial wave of crypto-jacking, which was quite simple. Initially, the cybercriminals would simply inject Coinhive scripts into the targeted websites. As Coinhive developed, people carrying out these attacks started adding obfuscation and hosting the Coinhive scripts on third-party websites. Now, PC security researchers have observed that the technology behind Coinhive has become open source, and new platforms and variants of Coinhive are appearing and being put into use to generate revenue at the expense of the computer users. There may be legitimate uses for Coinhive, but we hope that the developers can find ways to distance this from the bad actors.


Most Viewed