Obfuscated Coinhive shortlink reveals larger mining operation

A web miner injected into compromised sites is just the tip of the iceberg for an infrastructure hosting malicious Windows and Linux coin miners.

The state of malicious cryptomining

From malware coin miners to drive-by mining, we review the state of malicious cryptomining in the past few months by looking at the most notable incidents and our own telemetry stats.

RIG exploit kit campaign gets deep into crypto craze

We take a look at a prolific campaign that is focused on the distribution of coin miners via drive-by download attacks. We started to notice larger-than-usual payloads from the RIG exploit kit around November 2017, a trend that has continued more recently via a campaign dubbed Ngay.

How cryptocurrency mining works: Bitcoin vs. Monero

Why do threat actors prefer mining for Monero rather than the very hot Bitcoin cryptocurrency? Let us point out the reasons.

Persistent drive-by cryptomining coming to a browser near you

If you think closing your browser window to leave a site that runs a cryptominer will stop the mining process, think again. Persistent drive-by cryptomining has arrived.

A look into the global drive-by cryptocurrency mining phenomenon

As drive-by downloads slow down, drive-by cryptocurrency mining emerges as the latest annoyance that hijacks our PCs’ CPU.

Why is Malwarebytes blocking Coinhive?

Since September 19, the number two most frequently blocked website for our customers has been coinhive.com. This post will describe what Coinhive is, what it is doing, and why we are blocking it.

The curious case of a Sundown EK variant dropping a Cryptocurrency Miner (updated)

A strange variant or copycat of Sundown EK drops an unexpected payload that we decided to look deeper into.

