Coinhive hacked

Hackers were able to mine Monero for six hours using Coinhive's mining power
26 October 2017

On the night of October 24, unknown hackers compromised Coinhive's DNS server and redirected cryptocurrency mining to their own server. According to the official Coinhive blog, the hackers used an old password for the company's Cloudflare account, which had been stolen from Kickstarter back in 2014.

For six hours, the hackers mined the Monero cryptocurrency using thousands of victims' computers around the world. The amount of damage to Coinhive users has not been reported.

At the same time, the company reported that the hackers did not gain access to the servers holding its databases and could not steal personal data.

We have learned hard lessons about security and used 2FA and unique passwords with all services since, but we neglected to update our years old Cloudflare account.
We're deeply sorry about this severe oversight.
 

Coinhive Team

The company is now looking for ways to compensate its customers for the damage. In particular, it plans to give users an additional 12 hours of service.

BlackSquid Hidden Miner to Attack US & Thai PCs

The malware is distributed through malicious websites, compromised web servers, network drives, and USB drives; it uses a variety of exploits and vulnerabilities
05 June 2019

Trend Micro researchers have discovered new malware that mines the Monero cryptocurrency on users' devices, ZDNet reports.

The new miner, called BlackSquid, is most prevalent in Thailand and the United States. The malware is distributed through malicious websites, compromised web servers, network drives, and USB drives. BlackSquid uses EternalBlue, DoublePulsar, the server vulnerabilities CVE-2014-6287, CVE-2017-12615 and CVE-2017-8464, and flaws in the ThinkPHP web application.

BlackSquid uses various tricks to stay unnoticed. For example, if the program detects that it is running in a virtualization environment, or finds debugging tools, its malicious functions are not activated.

Once in place unnoticed, the malware installs the XMRig mining script. The attack does not end there: the program also scans the system for a video card in order to mine coins more efficiently. After infecting one computer on the network, the malware tries to spread to other systems.