Cryptojacking found on 2496 online stores

Does your laptop get hot when visiting your favorite shop? You computer is likely mining cryptocurrencies to the benefit of a cyberthief.

Cryptojacking disguising as Sucuri

Cryptojacking - running crypto mining software in the browser of unsuspecting visitors - is quickly spreading around the web. And the landgrab extends to online stores. The infamous CoinHive software was detected today on 2496 e-commerce sites.

Skimming and cryptomining, a golden match

Now, it does not seem likely that the legitimate store owners wanted to earn a few extra bucks and have added CoinHive themselves. I found that 80% of cryptomining stores also contain payment skimming malware. Apparently, cyberthieves are squeezing every penny out of their confiscated assets.

Spread fuelled by just a few individuals

As CoinHive requires a unique ID, we can analyze the distribution of crypto thieves. Out of 2496 infected stores, 85% is linked to only 2 CoinHive accounts, while the remaining 15% is spread out over unique CoinHive accounts. Because the tag added to this remaining 15% segment is consistenly the site’s name, my guess is that this cryptojacking surge on online stores can be attributed to just 3 individuals or groups.

Well hidden

Some sites bluntly include the official coinhive.js file, others are more stealthy and include an iframe that points to siteverification.online. This site shows a default Debian installation page but include a cryptominer nevertheless. Yet others disguise as Sucuri Firewall.

Fix for your browser

Use an adblocker or install a Chrome plugin or add 127.0.0.1 coin-hive.com coinhive.com to your hosts file.

We have added detection signatures to our eCommerce security scanner.

Stay ahead of eCommerce hacks,
protect your store today!

Sansec forensic experts were the first to document large scale digital skimming in 2015. Since then, we have investigated thousands of hacked stores. Our research of the latest attack vectors protects our customers around the world. Our anti-skimming technology and data are used by merchants, forensic investigators, financial anti-fraud teams and service providers

Try our malware scanner