Coinhive Miner Emerges as the 6th Most Common Malware

The cryptocurrency miner Coinhive (detected by Trend Micro as HKTL_COINMINE) made news in September after it was discovered that the EITest campaign was using it to trick victims into either paying for their services or handing out financial data via tech support scams. However, a new report reveals Coinhive's reach, ranking the coin miner as the 6th most common malware in the world.

Coinhive works by providing website owners and operators with JavaScript code that they can embed into their site. This code covertly uses the website visitor's processing power to mine the Monero cryptocurrency. This presents a win-win situation for both sides, as Coinhive keeps a portion of the mined amount, while the website owner keeps the rest. Unfortunately, website visitors are not told that their processor is being used. While Coinhive itself is a legitimate company, its rather dubious method of operation often lends itself to abuse by malicious threat actors.

While cryptomining malware still lacks the notoriety and visibility of other malware such as ransomware, this report proves that it is growing rapidly. One of the main attractions of cryptocurrency mining malware is that it is stealthy and often non-intrusive. The resulting decreased performance and latency can be annoying, but users are unlikely to find out that a miner like Coinhive is the cause. In addition, these types of malware present a great opportunity for profit, as each infected system essentially becomes a personal cryptocurrency miner for the attacker.

Defending against Coinhive

Users who want to prevent Coinhive from using their resources can block JavaScript-based applications from running on their browsers. In addition, when it comes to socially engineered schemes such as the one used by the EITest campaign, simple implementation of best practices can help prevent these kinds of attacks from being successful.

Regularly patching and updating software, especially web browsers, is a good idea in general, as it can mitigate the impact not only of cryptocurrency malware but also of other malware that exploits vulnerabilities in a system.

Users should also look into effective security solutions such as Trend Micro Smart Protection Suites and Worry-Free Business Security, which protect end users and businesses from threats by detecting and blocking malicious files and all related URLs. Trend Micro Smart Protection Suites deliver several capabilities like high fidelity machine learning, web reputation services, behavior monitoring and application control that minimize the impact of these cryptocurrency miners and other threats.
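
For site operators who want to check their own pages for the embedded script described earlier, the following is an added example, not code from the original article or from Trend Micro. The host names and the CoinHive constructor names do not appear in the article and are assumptions based on the publicly documented Coinhive library; the sample HTML is constructed.

```javascript
// Hosts that served the Coinhive loader. Assumption: taken from the publicly
// documented service, not from the article.
const MINER_HOSTS = ["coinhive.com", "coin-hive.com"];

// Constructors exposed by the Coinhive library (assumption, same caveat).
const INIT_CALL = /\bCoinHive\.(Anonymous|User|Token)\s*\(/;

// True when host is a listed miner host or one of its subdomains.
// Look-alike names such as "notcoinhive.com" do not match.
function isMinerHost(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return MINER_HOSTS.some((m) => h === m || h.endsWith("." + m));
}

// Scan an HTML string and return one finding per suspicious <script> element.
function findMinerScripts(html) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      const url = src[1] ?? src[2] ?? src[3];
      // Absolute and protocol-relative URLs carry a host; relative paths do not.
      const host = /^(?:https?:)?\/\/([^\/:?#]+)/i.exec(url);
      if (host && isMinerHost(host[1])) {
        findings.push({ kind: "external-loader", detail: url });
      }
    }
    if (INIT_CALL.test(body)) {
      findings.push({ kind: "inline-init", detail: body.trim().slice(0, 80) });
    }
  }
  return findings;
}

// Constructed sample page, not taken from a real site.
const SAMPLE = `
<html><head>
<script src="https://cdn.example.org/jquery.js"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER"); miner.start();</script>
<script src="https://notcoinhive.com.example.net/app.js"></script>
</head><body>Hello</body></html>`;

console.log(findMinerScripts(SAMPLE));
```

A string match like this only catches unobfuscated embeds; a loader that is renamed, proxied through another host or injected at runtime will not appear in the static HTML.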

