jQuery Blog Gets Hacked – Hackers Compromise CoinHive’s DNS

October 26th, 2017, by Waqas, in Hacking News

In two separate incidents, the security of two high-profile platforms, jQuery and CoinHive, was compromised.

jQuery

Earlier today, two hackers going by the online handles “n3tr1x” and “str0ng” hacked and defaced jQuery’s official blog (blog.jquery.com). The JavaScript library project was using the WordPress content management system (CMS) for its blog, and the defacement screenshot shows that the hackers compromised the editor account of Leah Silber, a core team member at jQuery.

According to The Hacker News, there is no evidence that the server hosting the jQuery files (code.jquery.com) was also compromised. Remember that although WordPress is used by millions of websites, the platform is also known for critical zero-day security flaws.

It is therefore quite possible that the hackers did not hack Silber’s account and instead exploited a security flaw in WordPress that is unknown to its developers. Here is a screenshot of the defaced page, taken before jQuery deleted the blog post published by the hackers:

At the time of publishing this article, the post published by the hackers had been removed.

CoinHive hack

CoinHive is a firm that provides a cryptocurrency miner written in JavaScript, which sends any coins mined in the visitor’s browser to the owner of the website. CoinHive was in the news last month when The Pirate Bay (TPB) was caught using its visitors’ CPUs to generate Monero cryptocurrency.

TPB was using the cryptocurrency mining code provided by CoinHive, which is neither a virus nor a trojan, but the security community considers it unethical to use it without informing site visitors. With its growing popularity, however, CoinHive became a prime target for hackers, and on 23rd Oct its DNS was hijacked to mine cryptocurrency on thousands of websites.

According to reports, the unknown hacker was able to compromise CoinHive’s CloudFlare account, allowing them to modify its DNS servers and replace CoinHive’s official JavaScript code on thousands of websites with a malicious version.

CoinHive also acknowledged the hack and wrote a blog post explaining: “Tonight, Oct. 23th at around 22:00 GMT our account for our DNS provider (Cloudflare) has been accessed by an attacker. The DNS records for coinhive.com have been manipulated to redirect requests for the coinhive.min.js to a third party server.”

“This third-party server hosted a modified version of the JavaScript file with a hardcoded site key. This essentially let the attacker “steal” hashes from our users.”

Culprit: The leaked password

The CoinHive team further explained that the attackers succeeded in hijacking its CloudFlare account by using a password that was leaked in the Kickstarter breach back in 2014. This means CoinHive had not changed its CloudFlare account password for the last three years.

“We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old CloudFlare account,” said CoinHive.

Your favorite site might be using your CPU to generate cryptocurrency

As mentioned above, The Pirate Bay was secretly running CoinHive’s cryptocurrency mining script. In response, the TPB team claimed it was a 24-hour test of an alternative to advertising, but a month later, the site was again caught secretly using the CPU power of its visitors to generate digital currency.

Also a month ago, two websites owned by CBS’s ShowTime were caught mining cryptocurrency using the CPUs of their visitors. That’s not all: researchers also discovered that hackers are infecting mods for the popular Grand Theft Auto V (GTA 5) video game with malware that uses the user’s PC to generate digital coins.

Another report found that hackers are compromising websites and embedding cryptocurrency mining scripts in them to make money without the knowledge of the website owners. Users are therefore urged to remain vigilant and check the source code of the sites they visit to see whether a site is using their PC’s power to make big bucks.
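One way to automate the source-code check described above, as an added example that is not part of the original article. The indicators (the coinhive.com host and the coinhive.min.js file name) come from CoinHive's statement quoted earlier; the function name `findMinerScripts`, the sample page and the `example.test` hosts are constructed for illustration.

```javascript
// Added example: flag Coinhive miner references in a page's HTML source.
// Indicators come from the article: the coinhive.com host and the
// coinhive.min.js file name. Everything else here is constructed.
const MINER_HOST = /(^|\.)coinhive\.com$/i;
const MINER_FILE = /coinhive\.min\.js/i;

function findMinerScripts(html, pageUrl) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const attrs = m[1];
    const body = m[2];
    const srcMatch = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (srcMatch) {
      const raw = srcMatch[1] ?? srcMatch[2] ?? srcMatch[3];
      let url;
      try {
        url = new URL(raw, pageUrl); // resolves relative and //host/ forms
      } catch {
        continue; // unparsable src, nothing to classify
      }
      if (MINER_HOST.test(url.hostname)) {
        findings.push({ kind: "external", reason: "host", src: url.href });
      } else if (MINER_FILE.test(url.pathname)) {
        // Same file name served from elsewhere (self-hosted copy or proxy).
        findings.push({ kind: "external", reason: "filename", src: url.href });
      }
    } else if (MINER_FILE.test(body) || /coinhive\.com/i.test(body)) {
      // Inline loader that injects the miner script at run time.
      findings.push({ kind: "inline", reason: "reference", src: null });
    }
  }
  return findings;
}

// Constructed sample page, not taken from any real site.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<SCRIPT SRC='//coinhive.com/lib/coinhive.min.js'></SCRIPT>
<script src="https://cdn.example.test/js/coinhive.min.js"></script>
<script>var s=document.createElement("script");
s.src="https://coinhive.com/lib/coinhive.min.js";document.head.appendChild(s);</script>
<script src="https://notcoinhive.com.example.test/a.js"></script>
</head></html>`;

console.log(findMinerScripts(SAMPLE_HTML, "https://site.example.test/"));
```

A match on the file name alone only shows that a script called coinhive.min.js is being loaded; it does not say who is serving it, which is the gap the DNS hijack above exploited.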

How to protect your PC from misuse?

Google is taking the issue quite seriously. The Chrome security team has announced that it plans to release new security features that will block embedded cryptocurrency mining by default. Users can also try Chrome extensions such as minerBlock and No Coin, which block cryptocurrency miners.
