Coinhive Miner Emerges as the 6th Most Common Malware

The cryptocurrency miner Coinhive (detected by Trend Micro as HKTL_COINMINE) made news in September after it was discovered that the EITest campaign was using it to trick victims into either paying for their services or handing out financial data via tech support scams. However, a new report reveals Coinhive's reach, ranking the coin miner as the 6th most common malware in the world.

Coinhive works by providing website owners and operators with JavaScript code that they can embed into their sites. This code covertly uses the website visitor's processing power to mine the Monero cryptocurrency. This presents a win-win situation for both sides, as Coinhive keeps a portion of the mined amount, while the website owner keeps the rest. Unfortunately, website visitors won't know that their processor is being used. While Coinhive itself is a legitimate company, its rather dubious method of operation often lends itself to abuse by malicious threat actors.

While cryptomining malware still lacks the notoriety and visibility of other malware such as ransomware, this report proves that it is growing rapidly. One of the main attractions of cryptocurrency mining malware is that it is stealthy and often non-intrusive. The resulting decreased performance and latency can be annoying, but users are unlikely to find out that a miner like Coinhive is the cause. In addition, these types of malware present a great opportunity for profit, as each infected system essentially becomes a personal cryptocurrency miner for the attacker.

Defending against Coinhive

Users who want to prevent Coinhive from using their resources can block JavaScript-based applications from running on their browsers. In addition, when it comes to socially engineered schemes such as the one used by the EITest campaign, simple implementation of best practices can help prevent these kinds of attacks from being successful.
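For site operators and defenders who want to check whether a page carries an embedded miner script of the kind described above, the following added example (not from the original article or from Trend Micro) scans HTML for `<script>` elements that load from a blocklisted host or call a miner constructor inline. The host `coinhive.com`, the marker `CoinHive.Anonymous`, and the sample page are assumptions supplied for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions (not from the article): Coinhive's own domain and the
# constructor name its script exposed. Extend both for other miners.
MINER_HOSTS = {"coinhive.com"}
INLINE_MARKERS = ("CoinHive.Anonymous",)

def host_blocked(host, blocked=MINER_HOSTS):
    """True if host is a blocked domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocked)

class MinerScriptFinder(HTMLParser):
    """Records <script> elements that load or reference a known miner."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is None:  # inline script: inspect its body in handle_data
            self._inline = True
        elif host_blocked(urlparse(src.strip()).hostname):
            # hostname is parsed for absolute and protocol-relative URLs
            self.findings.append(("external", src.strip()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        if self._inline:
            self.findings += [("inline", m) for m in INLINE_MARKERS if m in data]

def find_miner_scripts(html):
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; the script path and site key are placeholders.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="//CoinHive.com/lib/example.js"></script>
<script src="https://notcoinhive.com/lib.js"></script>
</head><body><script>var m = new CoinHive.Anonymous('EXAMPLE_SITE_KEY');</script>
</body></html>"""
```

Matching on the parsed hostname rather than on a substring of the URL keeps look-alike domains such as `notcoinhive.com` from being flagged while still catching subdomains of a blocked host.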

Regularly patching and updating software—especially web browsers—is a good idea in general, as it can mitigate the impact not only of cryptocurrency malware but also of other malware that exploits vulnerabilities in a system.

Users should also look into effective security solutions such as Trend Micro™ Smart Protection Suites and Worry-Free™ Business Security, which protect end users and businesses from threats by detecting and blocking malicious files and all related URLs. Trend Micro™ Smart Protection Suites deliver several capabilities, such as high-fidelity machine learning, web reputation services, behavior monitoring and application control, that minimize the impact of these cryptocurrency miners and other threats.
