According to PublicWWW, almost 1,500 websites load the LiveHelpNow widget, a majority of which are online shops and homepages of private businesses. With Black Friday and the holiday shopping season approaching millions of users are expected to visit some of these websites.
Online retail stores Crucial and Everlast are the two most recognizable names on the list of websites loading the LiveHelpNow widget. Users accessing the affected websites will see their CPU usage shoot as Coinhive script mines the Monero cryptocurrency for another party.
The researcher also observed odd behavior in the way the script operates. A copy of the Coinhive-infected LiveHelpNow won't be sent to all of the website's visitors—a likely attempt to be stealthy or to rate limit, which is a way to control the rate of traffic sent or received by a network interface controller.
Cryptojacking has been gaining popularity over the past several weeks and has been spotted on major websites such as American politics fact-checking website Politifact, along with CBS-owned Showtime and Showtime Anytime websites.
Two months ago, The Pirate Bay was discovered using the computers of its visitors to generate coins for the Monero digital currency as a way to earn additional income. Most users gave the website flak over its lack of transparency in the implementation of the miner as they think they should have been given an option to donate CPU resources or not.
Trend Micro Solutions
Since cryptojacking can make affected computers and mobile devices unresponsive or cause them to slow down significantly, users can avoid it by downloading browser extensions that block cyrptojacking activities.