Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Real Mad-quid: Murky cryptojacking menace that smacked Ronaldo site grows


grimm

Recommended Posts

They’re taking our processor cycles

Cryptojacking is well on its way to becoming a new menace to internet hygiene.

In some cases internet publishers are making money by using the spare processor cycles of visiting surfers to mine cryptocurrency, but in other incidents, hackers have planted JavaScript that covertly takes over the systems – a process that has become known as cryptojacking.

Dodgy code capable of running the trick surfaced on TV channel Showtime.com late last month before it appeared on the official website of Portugal and Real Madrid football star Cristiano Ronaldo last week.

Both incidents were associated with code called Coinhive, which was mining a digital currency called Monero. The Pirate Bay deliberately planted mining code on its site before owning up to the "test" some time later. In other cases, the mining was either the byproduct of malicious adverts or run via legitimate but compromised websites, as in both the Showtime and Cristiano Ronaldo cases.

Only diligent nagging by security researcher Troy Mursch (@bad_packets) over several days to the developers behind the Ronaldo site secured the admission that the script wasn't put there by them and the suggestion to talk to CR7's management company.

Ronaldo's people have yet to respond directly to The Register's repeated requests for comment. "Since the code on @
cristiano's was unthrottled, it was probably miscreants," Mursch told El Reg.

The amount to be made for criminals is normally quite small, perhaps into the thousands of dollars. High traffic sites would be able to generate a lot more through legitimate advertising.

For miscreants, cryptojacking offers a number of advantages even though it's less lucrative than serving up malicious ads that sling either malware or tech support scams.

Although some experts argue that crypto mining is a form of theft, it has the advantage of being much less likely to generate complaints. The technology exists in a grey area made more obscure because of the difficulty of knowing whether or not code is there with the permission of website owners or not. The presence of the code on sites does not affect their core functionality.

Coinhive touts itself as a way for website owners to quickly set up mining by using their JavaScript API. The technology is already being widely abused, as explained in a blog post by Malwarebytes 
here.

A list of sites running Coinhive can be found 
here. Another scripting nasty, dubbed CryptoLootMiner, has surfaced in other incidents.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Check out what our members are saying

  • Our picks

×
×
  • Create New...