Japanese Coinhive 'Distributers' May Face Prosecution

The police believe that the suspects in the case violated the law prohibiting the use of computer viruses
13 June 2018

Japanese police are investigating the distribution of Coinhive, a program for hidden mining of the Monero cryptocurrency, Mainichi reports.

The police believe that the suspects in the case violated the law prohibiting the use of computer viruses. According to the sources, the alleged criminals created websites that installed the Coinhive mining program on victims' computers without their consent and "without making clear notifications about the mining."

To date, the police are investigating three people, including a web designer. One of them has already been sentenced by the disciplinary court of Yokohama to a fine of 100,000 yen (about $904) for illegal distribution of a computer virus. According to Mainichi, the defendant stated that the program was not a virus but a method of monetizing traffic, similar to online advertising. The case will be referred to the Yokohama District Court.

Police representatives say that the defendants can expect criminal prosecution because Coinhive was installed and operated without the consent of users. It is reported that this is the first criminal case in Japan related to hidden cryptocurrency mining.

The Coinhive program was created in 2017 and has become one of the most common online tools for hidden mining of Monero. There have been cases of it being used through YouTube, as well as through government and university sites.

BlackSquid Hidden Miner to Attack US & Thai PCs

The malware is distributed through malicious websites, compromised web servers, network drives, and USB drives; it uses different exploits and vulnerabilities
05 June 2019

Trend Micro researchers have discovered new malware that mines the Monero cryptocurrency on users' devices, ZDNet reports.

The new miner, called BlackSquid, is most widespread in Thailand and the United States. The malware is distributed through malicious websites, compromised web servers, network drives, and USB drives. BlackSquid uses EternalBlue, DoublePulsar, the server vulnerabilities CVE-2014-6287, CVE-2017-12615 and CVE-2017-8464, and flaws in the ThinkPHP web application.

BlackSquid uses various tricks to stay unnoticed. For example, if the program detects that it is running in a virtualization environment, or finds debugging tools, its malicious functions are not activated.

Once in place unnoticed, the malware installs the XMRig mining script. The attack does not end there: the program also scans the system for a video card in order to mine coins more efficiently. After infecting one computer on the network, the malware tries to spread to other systems.