Surveys show that 49% of cryptographic mining scripts are deployed on porn sites

According to securityaffairs media on February 12 news, security experts in recent years found that the increasing number of encrypted mining scripts, especially those who hacked through online hackers server deployment of the script. According to preliminary statistics, about 49% of encrypted mining scripts are deployed on related pornographic websites. 

It is learned that security experts analyze cryptographic mining scripts online through DNS traffic on their DNSMon system to determine which websites load the script from the domain name associated with the mining service within the browser.

Research shows that about 49% of cryptographic mining scripts are deployed on pornographic websites. In fact, this result is not surprising, because visitors will spend a lot of time watching the contents of the site, which indirectly gives the attackers some use of space. Of course, these mining scripts are also deployed on some fraudulent websites (8%), advertising (7%) and mining (7%). Not only that, the study also shows that the most commonly used cryptographic mining scripts are Coinhive (68% + 10%), followed by JSEcoin (9%).

TOP 10 mining site 

The figure above shows the trend of DNS traffic at mining sites

The following is a breakdown of new participants in most mining activities:

  • Advertisers : The mining activity of some websites is introduced by the advertisers’ external chains
  • Shell link : Some websites will use a “shell link” to obscure the mining site link in the source code
  • Short domain name service provider : goobo . COM .br Brazil is a short domain name service provider, the website home page, including a short domain name through the service generated when access to the link will be loaded coinhive mining
  • Supply chain contamination : the WWW . Midijs . NET is a JS-based MIDI file player, website source code used in mining to coinhive
  • Self-built pool : Some people in github open source code , can be used to build from the pool
  • Web users informed mining : authedmine . COM is emerging of a mining site, the site claims that only a clear case of known and authorized users, began mining

Source: SecurityAffairs

Share