Coin-Hive JavaScript Miner
Coin-Hive is the latest trend in cryptocurrency-related malware. Users and attackers are integrating this web-based miner into websites, where the script executes client-side in the visitor's browser to mine cryptocurrency, specifically Monero. By utilizing the visitor's CPU power, they can gain coins faster with less power usage, all while not paying for ad hosting. npm integrations such as Coin-Hive and React-Coin-Hive are starting to pop up that allow you to easily integrate Coin-Hive into your build. Pretty much, you just need to set your Coin-Hive siteKey and call the library.
Library:
<script src="https://coin-hive.com/lib/coinhive.min.js"></script>
Site Key:
<script>
var miner = new CoinHive.Anonymous('YOUR_SITE_KEY');
miner.start();
</script>
As there can be many users on one site, the actual miner username will be CoinHive.Anonymous. You can specify the number of threads the miner should start with (the default is 2) and the throttle (the fraction of time that threads should be idle).
Today, it was announced via BleepingComputer that a few of Showtime’s domains had Coin-Hive installed within the source. Researchers are unsure whether this was caused by hackers or by actual “experimenting” on Showtime’s part. Coin-Hive has also popped up in common Chrome extensions such as SafeBrowse, as well as on some phishing sites impersonating Twitter. WordPress plugins for Coin-Hive are showing up now, which could potentially lead to many hacks across the WordPress integrations.
The Coin-Hive team has made it clear that responsibility for the JavaScript library falls entirely on the person deploying the miner. They are just a means to an end for browser-based mining. AdBlock Plus and AdGuard have started adding support for blocking Coin-Hive’s library, yet it will most likely take some time before more browser add-ons/extensions take notice.
As cryptocurrencies, ICOs, and blockchain technology move more towards the forefront and limelight, attacks and malware will be released to take advantage of users to gain some coins. Be on the lookout for more browser-based miners to take the stage in the coming months.
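
For site owners and responders checking their own pages, here is an added example (not from the original post or from Coin-Hive) that scans page source for the library include and the CoinHive.Anonymous setup shown above and reports any site key it finds. The function names and the sample page are constructed for illustration.

```javascript
// Patterns come from the two snippets shown on this page.
const LIB_RE = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]*coin-hive\.com\/lib\/coinhive\.min\.js)/gi;
const MINER_RE = /new\s+CoinHive\.Anonymous\s*\(\s*(["'])(.*?)\1/g;

// 1-based line number of a match offset, for reporting.
function lineOf(text, index) {
  return text.slice(0, index).split('\n').length;
}

// Scan page source and report Coin-Hive library includes and miner setup.
function scanForCoinHive(html) {
  const includes = [...html.matchAll(LIB_RE)]
    .map(m => ({ url: m[1], line: lineOf(html, m.index) }));
  const miners = [...html.matchAll(MINER_RE)]
    .map(m => ({ siteKey: m[2], line: lineOf(html, m.index) }));
  return {
    includes,
    miners,
    // Miner setup present but no include of the known URL: the library is
    // loaded some other way, so a check keyed on the URL alone misses it.
    minerWithoutKnownInclude: miners.length > 0 && includes.length === 0,
    detected: includes.length > 0 || miners.length > 0,
  };
}

// Constructed sample page (not taken from any real site).
const SAMPLE_PAGE = [
  '<html><head>',
  '<script src="https://coin-hive.com/lib/coinhive.min.js"></script>',
  '</head><body>',
  '<script>',
  "var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY');",
  'miner.start();',
  '</script>',
  '</body></html>',
].join('\n');

console.log(JSON.stringify(scanForCoinHive(SAMPLE_PAGE), null, 2));
```

The site key in a finding identifies the Coin-Hive account being credited, which helps tell an owner's own deployment from an injected one.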