SHOCKER - Coinhive URL Shortener Used for Crypto Mining Attacks

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Locked
User avatar
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....
Contact:

SHOCKER - Coinhive URL Shortener Used for Crypto Mining Attacks

Post by Moogle Stiltzkin »

Security researches at Securi have identified hundreds of websites that have been utilizing the Coinhive URL shortener to mine cryptocurrency on unsuspecting user devices. What is the Coinhive URL shortener? I'm glad you asked. Coinhive describes it as this: "If you have an URL you’d like to forward your users to, you can create a cnhv.co shortlink to it. The user has to solves[sic] a number of hashes (adjustable by you) and is automatically forwarded to the target URL afterwards."

Image
In the URL shortener's intended form, end users would then be presented with a progress bar showing that Coinhive is now solving hashes on their device.

The plot thickens. Some denizens of cyberspace with less than scrupulous intentions (certain website owners / cyber criminals) have found a way to load the progress bar in an IFrame that sports an area of 1 pixel by 1 pixel with zero interaction from the end user. Essentially, the IFrame loads as a 1x1 pixel, no one sees the notification, resource usage jumps to 100%, and BAM! Someone else is making money at your expense. A list of some of the websites identified can be found here. Thanks to SCHTASK for the link and the story.

Solutions

https://fossbytes.com/block-cryptocurre ... n-browser/

[youtube=]K9FoZjR2h60[/youtube]

for browser extensions, i recommend gorhill's
Chromium
You can install the latest version manually, from the Chrome Web Store, or from the Opera add-ons.

There is also a development version in the Chrome Web Store if you want to test uBlock Origin with the latest changes: see uBlock Origin dev build.

It is expected that uBlock Origin is compatible with any Chromium-based browsers.
https://github.com/gorhill/uBlock/releases
https://github.com/gorhill/uMatrix/releases
https://github.com/gorhill/uBO-Extra


and also now if you spot this coinhive link shorterner, just don't use that link period :S
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1

Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)


Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: SHOCKER - Coinhive URL Shortener Used for Crypto Mining Attacks

Post by dolbyman »

same basically as other ad forwarders .. you have to endure a certain amount of ads to get forwarded to your requested URL .. here you have to "crunch" a certain amount of crypto cycles to get to your link ...

no infection etc
Locked

Return to “Users' Corner”