Cryptomining hijacking cases have been on the rise recently, with the latest example being that of BlackBerry Ltd.’s mobile website. A Reddit user “Rundvleeskroket”, about 5 days ago, discovered that the blackberrymobile.com website had a code from Coinhive embedded within which ran the Monero mining script service on the personal computing devices of the unsuspecting visitors. The Reddit user also notes that only one specific site was affected, and not country-specific sites.
Coinhive was quick to respond with a statement on Reddit – “Coinhive here. We’re sorry to hear that our service has been misused. This specific user seems to have exploited a security issue in the Magento web shop software (and possibly others) and hacked a number of different sites. We have terminated the account in question for violating our terms of service now.”
Such cryptomining code have been witnessed in the September in The Pirate Bay’s website, and then Showtime’s website. The boom in the value of cryptocurrencies is one of the reasons which drives the hackers and in cases, website owners to resort to unethical means to perform Monero mining.
The increasing instances of such cryptomining hijacking, with some estimates saying that more than 1000 sites being affected has led to at least one content delivery network Cloudfare Inc. to take a firm stand. In October, Cloudfare announced that it was banning the sites that were suspected to have cryptocurrency mining code embedded in their source code. Coinhive scripts have been predominantly seen in Android Apps, is now also targeting visitors to compromised websites.
Although the Coinhive script has since been removed from the affected BlackBerry website, there are no statistics available on how many visitors were affected, or on how much Monero was mined by the hackers involved in this hijacking. Going forward, users are recommended to closely monitor their device’s processor usage stats as it could be an indicator of mining activities.