Wednesday, 25 October 2017

Assault Modifies Dns Coinhive Using Reused Password

An attacker succeeded in adjusting the coinhive dns yesterday, making websites using the cryptominer a JavaScript file of the attacker's being. Coinhive is a cryptominer that uses the computer's computing power to cryptocurrency Monero through the browser. To do this, the computer performs a cryptographic calculation.

Owners of websites that want to use Coinhive must point to a coinhive JavaScript file on their website. This file is then uploaded by the visitor's browser, after which the computing power of their computer is used to perform the cryptographic calculation. The attacker was able to access the Coinhive Cloudflare account. Cloudflare is Coinhive's dns provider.

Then, the attacker changed the DNS settings, which forwarded requests for to another server. This server turned a custom version of the JavaScript file. This caused the attacker to benefit from the calculations made by website visitors, rather than the websites running Coinhive.

According to Coinhive , the Cloudflare account has been hacked through an unsafe password probably stolen at Kickstarter's hack in 2014. "Since then, we learned hard lessons about security and used two-factor authentication and unique passwords for all services, but have failed to update our years-old Cloudflare account," said Coinhive. We are now looking at ways to offset affected websites.

No comments:

Post a Comment