The spike in the value of some cryptocurrencies like Bitcoin is attracting the interest of cyber criminals. The number of incidents and cyber attacks involving miners and mining scripts continues to increase, and the latest appears to involve the BlackBerry Mobile site.
On January 6, a Reddit user who goes by the moniker “Rundvleeskroket” claimed that the official website of BlackBerry Mobile was caught using Coinhive’s cryptocurrency code to mine Monero. Rundvleeskroket wrote that a friend pointed out that the BlackBerry Mobile domain (blackberrymobile.com) was using the Coinhive code:
“A friend of mine just pointed this out to me.
Have a look at the source code on their pages. This is an official site where BB links to themselves from their product pages at blackberry.com.
Originally pointed out by /u/cryptocripples on /r/security
Update: it seems like only their global site is affected. So anyone getting redirected to CA, EU, US, etc won’t have the coinhive miner running while the site is open.”
The Reddit user also shared the following screenshot:
The Coinhive code was removed from the BlackBerry Mobile site. Unfortunately, incidents of this kind are becoming frequent. In many cases, website owners are using the Coinhive code to generate Monero by exploiting the computational resources of unaware visitors.
In December, experts from Sucuri discovered that nearly 5,500 WordPress websites were infected with a malicious script that logs keystrokes and loads a cryptocurrency miner in visitors’ browsers.
In November, experts reported the same attackers were loading malicious scripts disguised as fake jQuery and Google Analytics JavaScript files that were actually a copy of the Coinhive in-browser cryptocurrency miner. By November 22, the experts observed 1,833 sites compromised by the attackers.
According to Coinhive’s comment on the Reddit post, the BlackBerry Mobile website was hacked by exploiting a critical security vulnerability in the Magento ecommerce software.
According to Coinhive, the same Coinhive account was used in the hack of many other websites; for this reason, it was suspended.
“Coinhive here. We’re sorry to hear that our service has been misused. This specific user seems to have exploited a security issue in the Magento web shop software (and possibly others) and hacked a number of different sites. We have terminated the account in question for violating our terms of service now.” commented Coinhive.
(Security Affairs – BlackBerry Mobile Website, Monero Miner)