Mozilla has announced that upcoming versions of Firefox will block all cross-site tracking, slow tracking scripts, and malicious miner and fingerprinting scripts by default. These new features will be rolled out over the coming months as part of three new initiatives.
A research paper published at the start of the month estimates that Coinhive, a service for in-browser cryptocurrency mining, often abused by cyber-criminals, is making around a quarter of a million US dollars per month in mined Monero.
Security researchers have unearthed a massive cryptojacking campaign that targets MikroTik routers and changes their configuration to inject a copy of the Coinhive in-browser cryptocurrency mining script in some parts of users' web traffic.
Chinese police have arrested 16 employees of a local IT company on charges of hacking after deploying cryptocurrency miners on thousands of computers at Internet cafes in 30 cities.
After the publication of two severe security flaws in the Drupal CMS, cybercrime groups have turned their sights on this web technology in the hopes of finding new ground to plant malware on servers and make money through illegal cryptocurrency mining.
With the launch of Unicef AU's TheHopepage.org, we may have seen the first good use for CoinHive's in-browser mining. Using an opt-in CoinHive in-browser mining page, Unicef is hoping that users will sacrifice some of their CPU for charities and it looks like it is paying off.
The angry userbase of pr0gramm.com, a German image board similar to Imgur, has donated over €103,000 ($126,000) to local cancer research organizations as a way to protest against an article published by Brian Krebs, an IT security journalist.
Cryptojacking actors find new ways to evade detection by antivirus solutions, ad blockers, and dedicated browser extensions.
Firefox engineers are working on a method to address the recent rise in usage of in-browser miners (cryptojacking scripts) that are, in most cases, ruining the web surfing experience of most users.
Three in-browser cryptocurrency mining scripts ranked first, second, and fourth in Check Point's most active malware top ten, outranking classic high-output malware distribution infrastructures such as spam botnets, malvertising, and exploit kit operations.
An advertising network is hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves on customer sites, and has been doing so since December 2017, according to revelations made over the weekend by the Qihoo 360 Netlab team.
The use of browsers to mine for digital currency is becoming a major problem. With more and more sites incorporating in-browser mining scripts such as CoinHive and web extensions injecting them into web pages, people will continue to be affected by this attack. Thankfully, we can easily detect miners using the Chrome Task Manager.
There doesn't appear to be an end in sight for the cryptojacking scourge affecting all facets of the web right now.
Threat actors behind a malvertising campaign are explicitly targeting mobile web users, redirecting Android owners to websites where crooks mine Monero using the Coinhive service while the user is busy solving a CAPTCHA.
Thousands of sites were injected with a in-browser Monero miner today after a popular accessibility script was compromised. With 4, 275 sites affected, this included government websites such as uscourts.gov, ico.org.uk, & manchester.gov.uk.