Did you just hear about Bad Rabbit, the latest ransomware attack? Well, it already seems too old to be news.
The latest in the bulletin is Coinhive, a well-known browser-based service that has suffered a hijack. As per reports, the DNS records of Coinhive have been compromised by hijackers, giving them an easy entry to steal the cryptocurrency mined via the project’s script.
What Is Coinhive?
Coinhive is a famous service that lets website owners use its Monero-mining JavaScript code to earn revenue without blitzing visitors with ads.
Coinhive uses the CPU power of the visitor’s computer to mine cryptocurrency, keeping 30% of the mined money. The rest of the money earned is given to the site owners. The entire process takes place only with the consent and knowledge of the visitor.
The project, however, ran into a lot of problems in its initial stage, since site owners succeeded in fooling visitors by using the script without their knowledge. Since the scheme was never disclosed to the visitors, it forced ad blockers to block the initial script.
Due to these initial problems, attackers found an easy way to compromise websites and equipped themselves with the mining scripts to earn revenue.
The Latest News
Coinhive on Tuesday announced that its CloudFlare account was hijacked. The CloudFlare account is what lets Coinhive alter its DNS records. The attackers changed them to substitute a malicious version for the official JavaScript code of Coinhive, which is embedded in numerous websites:
https://coin-hive[.]com/lib/coinhive.min.js
Hacker Reused Leaked Password From 2014 Kickstarter Data Breach
It was reported that the hackers reused a leaked password from the ‘Kickstarter’ data breach that happened in 2014. It is assumed that the password was used to gain access to Coinhive’s CloudFlare account.
As said by Coinhive in a blogpost: “Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third-party server.”
“This third-party server hosted a modified version of the JavaScript file with a hardcoded site key.”
“We have learned hard lessons about security and used 2FA and unique passwords for all services since, but we neglected to update our years old Cloudflare account.”
“We’re looking for ways to reimburse our users for the lost revenue tonight. Our current plan is to credit all sites with an additional 12 hours of the daily average hashrate,” they added. Coinhive has given its users an assurance that their website data is secure and has not been compromised.
As a security measure, antivirus brands like Kaspersky and Malwarebytes have blocked Coinhive scripts. This will save customers from excessive CPU usage and unauthorized mining.
While hacking is nothing new these days, Coinhive being hacked clearly highlights the loopholes in password-based security systems.
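The substitution Coinhive describes, a third-party script replaced by a modified copy after a DNS change, is the case a pinned digest on the embedding site detects. The following is an added example, not code from Coinhive or the original article: a Node.js check in the style of Subresource Integrity (SRI), run over constructed stand-in script bodies. Unlike a browser, it fails closed when the integrity value contains no usable hash.

```javascript
const crypto = require("crypto");

// SRI hash algorithms, weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];

// Build an SRI token ("sha384-<base64 digest>") for a known-good script body.
function sriFor(body, alg = "sha384") {
  return alg + "-" + crypto.createHash(alg).update(body).digest("base64");
}

// Parse an integrity value into {alg, digest} entries, dropping tokens with
// an unknown algorithm and ignoring any "?options" suffix.
function parseIntegrity(value) {
  return value.trim().split(/\s+/).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)(\?.*)?$/.exec(tok);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// True only if the body matches a digest of the strongest algorithm listed.
// Weaker digests are ignored once a stronger one is present.
function verifyScript(body, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return false; // nothing usable: fail closed
  const alg = STRENGTH[Math.max(...entries.map((e) => STRENGTH.indexOf(e.alg)))];
  const actual = crypto.createHash(alg).update(body).digest();
  return entries.filter((e) => e.alg === alg).some((e) => {
    const expected = Buffer.from(e.digest, "base64");
    return expected.length === actual.length &&
      crypto.timingSafeEqual(expected, actual);
  });
}

// Constructed stand-ins: the script as reviewed by the site owner, and a
// served copy that carries a hardcoded site key (placeholder value).
const official = "var miner = new Lib.Miner(window.SITE_KEY);\n";
const tampered = "var miner = new Lib.Miner('CONSTRUCTED-OTHER-KEY');\n";

// Digest pinned at review time. In a page the same value goes into
// <script src="..." integrity="..." crossorigin="anonymous">.
const pinned = sriFor(official);

console.log("official copy accepted:", verifyScript(official, pinned));
console.log("modified copy accepted:", verifyScript(tampered, pinned));
```

The pinned value has to be regenerated whenever the vendor ships a new version of the script, so it fits scripts loaded from a versioned or self-hosted path.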
Even though Coinhive used two-factor authentication, attackers easily managed to hack it. This mainly happens because companies still lack complete insight into cyber security. This misleads them into thinking that their security systems are secure enough to withstand hijacking, whereas on the contrary, their defense systems are nothing more than expensive patchworks which can be easily breached.