Cryptojacking Campaign Impacts Nearly 1,500 Websites

A security researcher discovered the source of a huge cryptojacking campaign after analyzing the code of hundreds of websites. A copy of the Coinhive in-browser cryptocurrency miner was found inside a JavaScript file used by LiveHelpNow, a live chat and support software platform that was being loaded on the websites.

Cryptojacking is a method of mining cryptocurrencies within browsers without a user’s consent. The method uses JavaScript on a web page to mine for cryptocurrencies. The JavaScript code that is responsible for the in-browser mining doesn’t need to be installed. Simply loading the affected page will run the in-browser mining code.

According to PublicWWW, almost 1,500 websites load the LiveHelpNow widget, a majority of which are online shops and homepages of private businesses. With Black Friday and the holiday shopping season approaching millions of users are expected to visit some of these websites.

Online retail stores Crucial and Everlast are the two most recognizable names on the list of websites loading the LiveHelpNow widget. Users accessing the affected websites will see their CPU usage shoot as Coinhive script mines the Monero cryptocurrency for another party.

The researcher also observed odd behavior in the way the script operates. A copy of the Coinhive-infected LiveHelpNow won't be sent to all of the website's visitors—a likely attempt to be stealthy or to rate limit, which is a way to control the rate of traffic sent or received by a network interface controller.

Cryptojacking has been gaining popularity over the past several weeks and has been spotted on major websites such as American politics fact-checking website Politifact, along with CBS-owned Showtime and Showtime Anytime websites.

Two months ago, The Pirate Bay was discovered using the computers of its visitors to generate coins for the Monero digital currency as a way to earn additional income. Most users gave the website flak over its lack of transparency in the implementation of the miner as they think they should have been given an option to donate CPU resources or not.

Trend Micro Solutions

Since cryptojacking can make affected computers and mobile devices unresponsive or cause them to slow down significantly, users can avoid it by downloading browser extensions that block cyrptojacking activities.

To better protect home users from crypto-mining malware and similar threats, the Trend Micro™ Smart Home Network solution features web protection and deep packet inspection capabilities. Also, Trend Micro™ Smart Protection Suites and Worry-Free™ Business Security protect end users and businesses from these threats by detecting and blocking malicious files and all related URLs. Trend Micro™ Smart Protection Suites deliver several capabilities like high fidelity machine learning, web reputation services, behavior monitoring and application control that minimize the impact of this threat.

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.