Coinhive: A JavaScript Cryptocurrency Miner

February 20, 2018 | Views: 2711

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

As the title says,

Coinhive is a JavaScript Cryptocurrency miner for Monero Blockchain. This piece of script, provided by the Coinhive website, offers a another source of income for any website administrator. Any website admin can sign up for Coinhive and can embed the JavaScript miner to their websites. When any user visits the website, embedded with the Coinhive script, that JavaScript will start to run the miner directly into their browser, mining for cryptocurrency anonymously in the background using CPU’s power.

This tool was designed as an alternative revenue-gathering method for website admin, who are looking to get rid of unwanted ads, taking all the space in their webite. Even though, this tool help to mine Monero (cryptocurrency), which is less valuable than BitCoins, but still, its in the top 10 cryptocurrency in the world.

Coinhive itself is a completely legitimate company, but this service can be abused by hacker in order to earn a quick money. The hackers can inject the JavaScript miner into any webpages of unsuspecting coffee shop goer or any public wifi user, as they browse the internet. Any hacker with a good knowledge of wireless attacks, can use Man-in-the-middle in any Public Hostspots, to inject this script to the users.

HOW TO PREVENT IT

The best way to avoid running malicious JavaScript code in your browser is to disable JavaScript entirely. Only enable and use JavaScript when it’s absolutely necessary. NoScript is often recommended by security professionals and is currently the most convenient way of quickly enabling JavaScript on an as-needed basis.

It may not be very lucrative when used on small websites, but imagine a Coinhive miner on every Facebook and Google page? It could happen.

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
8 Comments
  1. Looks noobie but good awareness.

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel