CyberWisdom Safe Harbor Commentary on crypto mining scripts
Qihoo 360’s Netlab experts analyze DNS traffic through the DNSMon system and analyze cryptographic mining scripts online. Experts can determine which sites load scripts from domains related to in-browser mining services.
According to the researchers, 49% of cryptographic mining scripts are deployed on pornographic websites.
Research shows that crypto-currency mining scripts are also deployed on fraudulent websites (8%), advertising domains (7%), and cryptocurrency mining (7%).
0.2% of sites have web crawling code embedded in their home page: 241 (0.24%) on Alexa Top 100,000, 629 (0.21%) on Alexa Top 300,000 “Read the analysis posted by NetLab.
“Sex-related websites are the main body, accounting for 49% of these sites. Others include fraud (8%), advertising (7%), mining (7%), film and television (6%) and other categories”
The most commonly used cryptographic mining scripts are Coinhive (68% + 10%), followed by JSEcoin (9%).
crypto mining scripts deployment
The fact that encrypted currency mining scripts are deployed at pornographic sites at most is not surprising as they have a large number of visitors who spent a lot of time in the past watching their content.
The online mining activity is rapidly increasing and the figure below shows the trend of DNS traffic in mining sites:
Under the new category of participants in the crypto mining scripts activity:
- Advertisers: Mining activities at some sites are introduced by the advertiser’s external chain
- Shell links: Some sites will use “shell links” to hide source code from mining site links
- Short Name Service Provider: goobo. COM .br Brazil is a short domain name service provider whose homepage includes a short domain name through which access links generated by the service will be loaded.
- Supply Chain Pollution: WWW. Midijs. NET is a JS-based MIDI file player for mining website source code
- Self-built pool: Some people open source code on github, can be used to build from the pool
- Web users notify mining: authedmine. COM is on the rise of a mining site that claims that known and authorized users will only begin mining if the situation is clear.
The number of crypto mining scripts discovered by security experts continues to increase, especially those ones illegally deployed by hacking servers online. The experts from Qihoo 360’s Netlab analyzed crypto mining scripts online by analyzing DNS traffic with its DNSMon system. The experts were able to determine which sites load the scripts from domains associated with in-browser mining services. Engaging post, Read More…
thumbnail courtesy of securityaffairs.co
If you like to receive more of these curated safe harbor news alerts, then subscribe to my mailing list. Come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »