In two separate incidents, the security of high-profile platforms was compromised: jQuery and CoinHive.
According to The Hacker News, there is no evidence that the server (code.jquery.com) that hosts the jQuery file was also compromised. Remember, although WordPress is used by millions of websites, the platform is also known for critical zero-day security flaws.
Therefore, it is quite possible that the hackers didn’t hack Silber’s account and instead exploited some security flaw in WordPress that is unknown to its developers. Here’s a screenshot of the defaced page taken before jQuery deleted the blog post published by hackers:
At the time of publishing this article, the post published by the hackers had been removed.
The Pirate Bay (TPB) was using cryptocurrency mining code provided by CoinHive, which is neither a virus nor a trojan, but the security community considers it unethical to use without informing site visitors. However, with its growing popularity, it became a prime target of hackers on 23rd Oct, when CoinHive’s DNS was hijacked to mine cryptocurrency on thousands of websites.
CoinHive also acknowledged the hack and wrote a blog post explaining that “Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server.”
Culprit: The leaked password
The CoinHive team further explained that the attackers succeeded in hijacking their Cloudflare account by using a password that was leaked in the Kickstarter breach back in 2014. This means CoinHive had not changed its Cloudflare account password for the last three years.
“We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old CloudFlare account,” said CoinHive.
Your favorite site might be using your CPU to generate cryptocurrency
As mentioned above, The Pirate Bay was secretly running CoinHive’s cryptocurrency mining script. In response, the TPB team claimed it was a 24-hour test for alternative advertising, but a month later, the site was again caught secretly using the CPU power of its visitors to generate digital currency.
Again, one month ago, two websites owned by CBS’s Showtime were caught mining cryptocurrency using the CPUs of their visitors. That’s not all; researchers also discovered that hackers are infecting mods for the popular Grand Theft Auto V (GTA 5) video game with malware that uses the user’s PC to generate digital coins.
Another report discovered that hackers are compromising websites and embedding cryptocurrency mining scripts in them to make money without the knowledge of website owners. Users are therefore urged to remain vigilant and check (by viewing the site’s source code) whether the site they are visiting is using their PC’s power to make big bucks.
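The source-code check described above can be automated. The following is an added example, not code from the article or from any of the projects it mentions: it scans a page's HTML for script tags that reference the CoinHive host or coinhive.min.js, and also flags third-party scripts loaded without an integrity attribute, since the CoinHive incident replaced a script at its source. The sample markup, example.org, cdn.example.net and the finding labels are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

MINER_HOST, MINER_FILE = "coinhive.com", "coinhive.min.js"  # both named in the article

class ScriptAudit(HTMLParser):
    """Collect (kind, evidence) findings for each <script> in a page's source."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []
        self._inline = False  # True while inside a <script> that has no src

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        self._inline = not src
        if not src:
            return
        url = urlparse(src)
        host = (url.hostname or self.page_host).lower()
        name = url.path.rsplit("/", 1)[-1].lower()
        if host == MINER_HOST or host.endswith("." + MINER_HOST) or name == MINER_FILE:
            self.findings.append(("miner-script", src))
        elif host != self.page_host and not attr.get("integrity"):
            # Unpinned third-party script: a change at that host or its DNS changes the code
            self.findings.append(("third-party-no-sri", src))

    def handle_data(self, data):
        if self._inline and "coinhive" in data.lower():
            self.findings.append(("miner-inline", data.strip()[:60]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

def audit(html, page_host):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page source; example.org and cdn.example.net are placeholders
SAMPLE = """<script src="/js/app.js"></script>
<script src="https://code.jquery.com/jquery.min.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="//coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous("SITE-KEY-PLACEHOLDER"); miner.start();</script>"""
```

Calling `audit(SAMPLE, "example.org")` returns one finding per suspicious script; a renamed or self-hosted miner would not match these indicators, so an empty result is not proof that a page is clean.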
How to protect your PC from misuse?
Google is taking the issue quite seriously. The Chrome security team announced that it plans to release new security features which will block embedded cryptocurrency mining by default. Users can also try Chrome extensions like minerBlock and No Coin, which block cryptocurrency miners.