Opera just added a Bitcoin-mining blocker to its browser

ZDNet

Our research shows where organizations are spending their IT budgets in 2018 and what their top priorities are. We also offer practical advice on how to put your IT dollars to good use. Norwegian browser maker Opera has launched the beta version of Opera 50, the first popular browser to integrate a built-in cryptocurrency-mining blocker. The feature offers a new defense against the rise of cryptojacking or browser-based cryptocurrency miners that use a site visitor's CPU without gaining the owner's consent. Crooks are increasingly hiding JavaScript miners on compromised websites and some have taken to deploying sneaky pop-under windows to continue using a CPU even after the victim has left the site, while groups using fake tech support scams have started integrating JavaScript miners into their bogus security-warning browser lockscreens.


Cryptocurrency mining malware now as lucrative as ransomware for hackers

ZDNet

A newly uncovered cybercriminal cryptocurrency mining malware operation which borrows infection techniques from advanced hacking campaigns has earned those behind it behind it millions of dollars thanks to an army of thousands of hijacked computers.


Hijacking Computers to Mine Cryptocurrency Is All the Rage

MIT Technology Review

Have you visited Showtime's website recently? If so, you may be a cryptocurrency miner. An observant Twitter user was the first to sound an alarm last month that the source code for the Showtime Anytime website contained a tool that was secretly hijacking visitors' computers to mine Monero, a Bitcoin–like digital currency focused on anonymity. It's still not clear how the tool got there, and Showtime quickly removed it after it was pointed out. But if it was the work of hackers, the episode is actually part of a larger trend: security experts have seen a spike in cyberattacks this year that are aimed at stealing computer power for mining operations.


#ftag=RSSbaffb68

ZDNet

Coinhive has admitted to a security breach leading to hackers hijacking cryptocurrency mining scripts on legitimate websites. The cryptocurrency mining software provider said this week that at approximately 10 pm GMT on Monday, the firm received a note from its DNS provider, Cloudflare which warned Coinhive that its account had been accessed by a threat actor. The Coinhive Javascript is embedded by users into their websites as a way to mine for the cryptocurrency Monero, but the attackers were able to hijack this script to ensure mined funds entered a wallet they controlled rather than user wallets. "This essentially let the attacker "steal" hashes from our users," Coinhive says. The script used to implement cryptocurrency miners in website domains is a new, albeit controversial idea.


Telegram zero-day let hackers spread backdoor and cryptocurrency-mining malware

ZDNet

A zero-day vulnerability in Telegram Messenger allowed attackers to spread a new form of malware with abilities ranging from creating a backdoor trojan to mining cryptocurrency.