Three in-browser cryptocurrency mining scripts ranked first, second, and fourth in Check Point's most active malware top ten, outranking classic high-output malware distribution infrastructures such as spam botnets, malvertising, and exploit kit operations.
An advertising network is hiding in-browser cryptocurrency miners (cryptojacking scripts) in the ads it serves on customer sites, and has been doing so since December 2017, according to revelations made over the weekend by the Qihoo 360 Netlab team.
There doesn't appear to be an end in sight for the cryptojacking scourge affecting all facets of the web right now.
Threat actors behind a malvertising campaign are explicitly targeting mobile web users, redirecting Android owners to websites where crooks mine Monero using the Coinhive service while the user is busy solving a CAPTCHA.
Thousands of sites were injected with a in-browser Monero miner today after a popular accessibility script was compromised. With 4, 275 sites affected, this included government websites such as uscourts.gov, ico.org.uk, & manchester.gov.uk.
Almost 50% of all cryptojacking scripts (in-browser miners) are deployed on adult-themed sites, according to new numbers released this week by Qihoo 360's Netlab division.
A change meant to improve Google Chrome performance will also indirectly impact cryptojacking scripts (in-browser cryptocurrency miners) and will severely reduce their efficiency.
Just three months after Princeton researchers were warning users of the dangers of "session replay" attacks, developers of malicious Chrome extensions have incorporated this "trick" into their latest "releases."
Some smart crooks found a way to insert and deliver the Coinhive in-browser miner inside ads delivered via the Google DoubleClick ad delivery platform. Ads delivered this way made their way on countless sites, and even on Google's own property —YouTube.
Security researchers have discovered over 2,000 WordPress sites —possibly more— infected with a keylogger that's being loaded on the WordPress backend login page and a cryptojacking script (in-browser cryptocurrency miner) on their frontends.
A Chrome extension with over 105,000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks.
The cryptojacking trend is not showing any signs of stopping anytime soon, and recent reports highlight some peculiar new ways that miscreants have found for pushing in-browser miners down their users' throats.
Nearly 5,500 WordPress sites are infected with a malicious script that logs keystrokes and sometimes loads an in-browser cryptocurrency miner.
The operator of at least one website has been spotted using small windows hidden under the user's Windows taskbar to continue to operate an in-browser miner even after the user closed the main browser window.
Security is a round-the-clock affair. Instead of spending Thanksgiving with family and friends, Las Vegas-based security researcher Troy Mursch was busy all day digging into the code of hundreds of websites to discover the source of a massive cryptojacking campaign that was set in motion today.
A free-to-use script that helps website owners show EU cookie consent popups is dropping an in-browser cryptocurrency miner on websites that use it.
The in-browser cryptojacking craze that has taken over the Internet is getting worse by the day and more and more sites are implementing such systems, intentionally or after getting hacked.
Google Chrome engineers are considering adding a special browser permission that will thwart the rising trend of in-browser cryptocurrency miners.