CoinImp Cryptojacking

The CoinImp (h[tt]ps://www.coinimp[.]com) browser-based cryptocurrency miner is a program written in JavaScript that is positioned as a direct rival to Coinhive (h[tt]ps://coinhive[.]com). CoinImp shares many of the ideas behind Coinhive, but its developers claim that it is more secure and efficient in many ways. The CoinImp miner is integrated into sites the same way as Coinhive; site owners are directed to add the following code snippet before the tag of a page's HTML code:

A researcher named Troy Mursch used his site to publish a detailed report on the activity associated with CoinImp and stated that the program connects to servers on:

  • www.hashing[.]win
  • www.freecontent[.]bid
  • webassembly[.]stream

There is a Difference Between Site Monetization and Cryptojacking

Site owners may take advantage of what CoinImp offers and transition to an ad-free experience if their visitors agree to dedicate a portion of their processing power to cryptocurrency mining. CoinImp is designed to mine for Monero (XMR) coins and enable site owners to monetize Web traffic on their pages including shortened links and referral links. Unfortunately, threat actors take advantage of the CoinImp programs to make easy money from exploiting compromised sites. In many cases, the site owners are unaware of the security incident because the CoinImp miner runs most of the code on the visitor's machine. A definition given by states:

'Cryptojacking is defined as the secret use of your computing device to mine cryptocurrency.
Cryptojacking used to be confined to the victim unknowingly installing a program that secretly mines cryptocurrency.
Here’s the bad news…
In-browser cryptojacking doesn’t need a program to be installe

The CoinImp Cryptojacking campaign is reported to run on 4,119 sites at the time of writing. Threat actors who run CoinImp Cryptojacking campaigns may gain access to targeted websites by exploiting vulnerabilities in old versions of Content Management Systems, remote access portals, WordPress plug-ins and the Webshop software.

You can Install Free Tools to Minimize Exposure to Cryptojacking

Regular PC users looking to avoid cryptojacking sites may wish to install the 'No Coin' extension by Keraf at[.]com/webstore/detail/no-coin-block-miners-on-t/gojamcfopckidlocpkbelmpjcgmbgjcl, which has a version for Mozilla Firefox that can be found at Addons.mozilla[.]org/en-US/firefox/addon/no-coin. The 'NoScript Security Suite' (h[tt]ps://noscript[.]net, supported on Chrome and Firefox) is said to include rules for blocking network requests to known mining pools and domains associated with untrusted cryptocurrency miners. A more direct way to block cryptojacking attempts is to block domains and IPs by manually editing the HOSTS file on Windows, but that option is best left to advanced Windows users who know what they are doing.
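As an added example (not code from this article, CoinImp, or any tool named here), the JavaScript below refangs the three server names listed earlier, turns them into HOSTS-file lines, and scans a page's HTML for references to them, which is the check a site owner can run on their own pages. The `0.0.0.0` sink address, the extra bare and `www.` name variants, and the sample HTML are assumptions constructed for illustration.

```javascript
// Added example, not the article's code. Indicators are the three server names
// listed on this page, kept defanged until refang() is applied.
const DEFANGED = ["www.hashing[.]win", "www.freecontent[.]bid", "webassembly[.]stream"];

// "www.hashing[.]win" -> "www.hashing.win"
function refang(indicator) {
  return indicator.replace(/\[\.\]/g, ".").toLowerCase();
}
const BLOCKLIST = DEFANGED.map(refang);
const bareName = (d) => d.replace(/^www\./, "");

// HOSTS entries match exact names only (no wildcards), so this emits both the
// bare and the www. form of every name (assumption: both should be sinkholed).
function hostsEntries(domains) {
  const names = new Set();
  for (const d of domains) {
    names.add(bareName(d));
    names.add("www." + bareName(d));
  }
  return [...names].sort().map((n) => `0.0.0.0 ${n}`);
}

// True when host is a listed name or any subdomain of one; look-alike
// names such as "nothashing.win" do not match.
function isBlocked(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return BLOCKLIST.some((d) => h === bareName(d) || h.endsWith("." + bareName(d)));
}

// Find absolute or protocol-relative URLs (script src, WebSocket endpoints)
// in a page's HTML whose host is on the blocklist.
function findMinerReferences(html) {
  const urlRe = /(?:(?:https?|wss?):)?\/\/([a-z0-9.-]+)[^\s"'<>]*/gi;
  return [...html.matchAll(urlRe)].filter((m) => isBlocked(m[1])).map((m) => m[0]);
}

// Constructed sample page; paths and the ws1 subdomain are placeholders.
const SAMPLE = `<html><body>
<script src="https://cdn.example.org/jquery.js"></script>
<script src="//www.hashing.win/placeholder.js"></script>
<script>var s = new WebSocket("wss://ws1.freecontent.bid/proxy");</script>
<a href="https://nothashing.win.example.org/">ok</a>
</body></html>`;

console.log(hostsEntries(BLOCKLIST).join("\n"));
console.log(findMinerReferences(SAMPLE));
```

The scan catches subdomains that a HOSTS file cannot, since HOSTS has no wildcard support; on Windows the generated lines go into `C:\Windows\System32\drivers\etc\hosts`.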

In most cases, browser extensions and Internet browser vendors should be able to help you defend against cryptojacking campaigns. You should read our articles on the other top five cryptojackers for 2017: deepMiner, Minr, Crypto-Loot and Coinhive. If your CPU is loaded at 70% or more when you are merely surfing the Internet, listening to music or reading a book, it is likely you are infected with some variant of the XMRig CPU Miner. It is best to remove CPU miners on your system with the help of a reputable anti-malware solution.

