For those who don’t know what Coinhive is, this is their intro on their website :
However, websites using such crypto-miner services can mine cryptocurrencies as long as you're on their site. Once you close the browser window, they lost access to your processor and associated resources, which eventually stops mining. Unfortunately, this is not the case anymore. Security researchers from anti-malware provider Malwarebytes have found that some websites have discovered a clever trick to keep their cryptocurrency mining software running in the background even when you have closed the offending browser window. This stealth technique is performed by hiding a small Web Browser in the corner of the user's window, as can be see by the screenshot provided by Malwarebytes, shown below.
Many websites are choosing to use Coin Miners over advertisements to provide a cleaner user interaction while still maintaining revenue stream. However, the legitimate companies who are proceeding this way are typically informing their user base of the risk of Coin Miners and giving them ability to opt out of the excess workload.
On the other hand, any websites that are currently affected by Stored Cross-Site Scripting (XSS) attacks could easily have these coin miners injected onto their web applications for future unsuspecting users are targeted for the excess workload.
The screenshot below might be difficult to understand at first glance, but the premise works as follows. The victim in purple requests data from a legitimate server using their local web browser. However, the legitimate web server has been attacked by the attacker in pink, which has injected malicious script that is stored on the back end of the legitimate server. Now when, the victim in purple requests the data from the server the additional script gets loaded, and the victim's browser will start mining for coins.
Preventing Coin Miners
There are several tools that you can make use of web browser extensions, like No Coin, that automatically block in-browser cryptocurrency miners for you, and regularly update themselves with new mining scripts that come out.Created by developer Rafael Keramidas, No Coin is an open source extension that blocks Coin Hive and other similar cryptocurrency miners and is available for Google Chrome, Mozilla Firefox, and Opera.
No Coin currently does not support Microsoft Edge, Apple Safari, and Internet Explorer. So, those using one of these browsers can use an antimalware program that blocks cryptocurrency miners.
Stay vigilant out there! Until next time!