Malwarebytes has reportedly blocked over 200,000 requests to link to Coinhive, just one day after the service officially shut down on March 8, 2019. Malwarebytes also revealed that they had found out a new mining software called ‘WebMinePool,’ that targets the web routers which were the previous aim of the Coinhive script.
“Interestingly, we still detect thousands of blocks for Coinhive-related domain requests, even though the service announced it was shutting down on March 8. Over the past week, our telemetry recorded an average of 50,000 blocks per day.” – read the official release issued by Malwarebytes.
According to the website, the reason why these websites can still be infected is due to the fact that many of these pages never had the remnants of previous Coinhive attacks completely removed from their code. That meant that bits of the JavaScript code which was used to request data from the Coinhive library are still present in the pages, meaning that attackers can use this route to once again infect the website.
The threat of Coinhive’s legacy prompted Mozilla Firefox to address this issue after the popular browser issued a statement called ‘Protecting Against Fingerprinting and Cryptocurrency Mining Available in Firefox Nightly and Beta.’
“At Mozilla, we have been working hard to protect you from threats and annoyances on the web, so you can live your online life with less to worry about. Last year, we told you about adapting our approach to anti-tracking given the added importance of keeping people’s information on the web private in today’s climate.” – read the report issued by Mozilla.