VNCERT orders quick action against CoinHive

Thứ Bảy, 18/11/2017, 15:30
The Vietnam Computer Emergency Response Team has ordered all cybersecurity units at State agencies, enterprises and banks from the central to the local level to guard against the CoinHive malicious code.
The Viet Nam Computer Emergency Response Team has ordered all cybersecurity units at State agencies, enterprises and banks from the central to the local level to guard against the CoinHive malicious code.— Photo ictnews.vn

The team recently discovered CoinHive malicious code, hidden inside a JavaScript Programme named CoinHive, secretly loading when computer users accessed certain sites on the Internet. The CoinHive programme has transformed from an innovative tool that lets you mine cryptocurrency, including Bitcoin and Monero, with your browser, to a technology abused by hoards of malware authors.

In theory, the programme is an innovative new way of monetising web content. Instead of bothering visitors with ads, sites that use CoinHive can borrow a limited amount of the user’s CPU power when they visit the site. The borrowed CPU time uses a bit of electricity, raising each visitor’s electric bill but only by a tiny bit.

The problem is that suddenly CoinHive is popping up all over the web, grabbing as much CPU power as it can from every PC it touches, but without getting permission or even notifying the affected visitors. In many cases, it appears the software has even been installed on web sites without the permission of the website owners, with the generated Monero coins going into the digital wallets of unknown hackers located somewhere else.

Nguyen Khac Lich, deputy head of the Viet Nam Computer Emergency Response Team asked website administrators to re-check and remove the CoinHive malicious code if they find it.

Network administrators were told to take measures to prevent the malicious code from attacking user’s computers, such as using firewall to block connections to domains of afminer.com, coin-have.com, coinerra.com, coinhive.com, coinnebula.com, crypto-loot.com, hashforcash.us, jescoin.com, ppoi.org and authedmine.com.

The network administrators should recommend computer users to install minerBlock and No Coin for Chrome and NoScripts for Firefox. These browser extensions are specifically designed to block popular crypto miners from using your computing power.

Computer users should check the CPU performance of their computers using the applications of Windows Task Manager and Resource Monitor, he said.

If users find that their computers are running slow, it might have been attacked by the malicious code and users should inform the network administrators to fix it, he said.

Lich is requiring every relevant unit to send a report to the computer emergency response team before November 30.

VNS