Cryptojackers have shut down university networks and government websites, but there was one case that attracted a lot of attention, and that is the use of Coinhive mining service focused on mining Monero.
With the closure of Coinhive it appeared that cryptojacking might be coming to an end. Coinhive was a cryptocurrency mining service that relied on a small chunk of computer code installed on websites. It released its mining code in 2017, pitching it as a way for website owners to earn an income without running intrusive or annoying advertisements. However, although Coinhive was not an inherently malicious code, it became popular among hackers for cryptojacking. The more people visited a site, the more processing power was siphoned off to mine Monero.
Coinhive malware
The platform had seemed like a good idea until the software went on to form the foundation of the notorious cryptojacking malware that ended up affecting millions of user devices, spiking electricity bills, and draining batteries to secretly and illicitly mine cryptocurrency, as Conor Maloney writes on CCN. Furthermore, as more and more criminals hacked sites and planted the Coinhive file, the issue shot completely out of control. Maloney writes: “Coinhive was listed as the world’s greatest online malware threat by cybersecurity firm Check Point for 15 consecutive months, and an estimated 5% of all Monero was mined through cryptojacking.”
Coinhive announced that it would be shutting down operations on 8th March 2019, and many thought that would be the end of intensive cryptojacking activity. However, Maloney points out that while the cryptojackers can’t turn to Coinhive anymore, they will look for other means of attack.
The Coinhive vacuum is waiting to be filled
Chris Dawson, Threat Intelligence Lead at Proofpoint, a security company, commented that Coinhive was far from the only cryptojacking malware on the market, adding “the fall of Coinhive leaves a power vacuum waiting to be filled,” as he told Maloney. Dawson sees a threat coming from other forms of malware, such as “banking trojans, credential stealers and pieces of malware which sit on machines.”
Others, such as Jerome Segura of Malwarebytes, believe the criminal industry is slowing down. He told ZDNet the criminal industry is slowing down: “There are still a lot of hacked sites with Coinhive code, but I have a feeling these are mostly remnants from past hacks. Most of what I see these days is CoinIMP [a Coinhive competitor] and it’s been active again with Drupal hacks recently. But overall, I think the trend is nearing out.”
Is Segura too optimistic? Ransomeware like WannaCry and Petya have dealt catastrophic blows, taking down services at hospitals, car factories, government facilities, and airports as well as infecting personal devices to extract a ransom that is usually payable in Bitcoin. And cryptojacking malware still exists — Cryptoloot being one example, the second most lethal after Coinhive. There is also Emotet, a banking Trojan, which can infect a computer as a malicious attachment and be used to spread other forms of malicious software, plus a host of password-collecting bots.
It may be good news that Coinhive has closed down, but we cannot be complacent and believe the threat of cryptojacking has gone away. As long as there is cryptocurrency for the taking, cryptojackers will be evolving their tactics for getting their hands on it, and we need to be more vigilant than ever.