Coinhive Injections Are An Understated Threat Against Home And Corporate Users
This kind of attack can often bypass antivirus detection
Heimdal Security has been monitoring the Coinhive malware over the past months. The recent information about Coinhive website injections is just the tip of the iceberg. Users are highly exposed to the threat hitting their computers directly.
Thousands of government websites, including the NHS, have fallen victim to script injections. Users visiting them have had their CPUs hijacked to mine the Monero currency for cyber criminals.
"The recent media mentions surrounding injected Coinhive scripts are widespread but widely understate the magnitude of the problem," says Morten Kjaersgaard, CEO of Heimdal Security.
The intention behind Coinhive was originally positive, aiming to give content creators another stream of revenue.
Our threat intelligence shows that these types of integrations have already happened. The Coinhive problem is magnitudes larger than currently reported, especially because the script can be embedded into Internet Explorer.
Users who are exposed via websites have only a limited mining window while the session is active. However, if run locally on the endpoint, the browser poses no such restrictions.
"Our intelligence shows that about 2% of corporate and consumer PCs are trying to connect to the Coinhive servers – that’s a high number and there needs to be more awareness drawn to these issues," added Morten Kjaersgaard.