Cryptojacking Script Found in Live Help Widget (e.g. in online shops), Impacts Around 1,500 Sites

LASER_oneXM

Security is a round-the-clock affair. Instead of spending Thanksgiving with family and friends, Las Vegas-based security researcher Troy Mursch was busy all day digging into the code of hundreds of websites to discover the source of a massive cryptojacking campaign that was set in motion today.

Speaking to Bleeping Computer, Mursch said he found a copy of the Coinhive in-browser cryptocurrency miner inside one of the JavaScript files used by LiveHelpNow, a live chat and support widget that was being loaded on the sites he investigated.



It is unclear if the service has been hacked or the file was altered by a rogue employee looking for a way to boost his personal Monero funds. A LiveHelpNow spokesperson was not on hand to comment, it being Thanksgiving and all.


Whoever masterminded this campaign is a genius. According to PublicWWW, nearly 1,500 sites are loading the LiveHelpNow widget, and most are online shops or homepages for private businesses.


With Black Friday and Cyber Monday around the corner, millions of users will be heading to some of these sites looking for deals. Furthermore, there is a low chance that there's someone watching the affected sites to remove the LiveHelpNow widget.

Both Mursch and Bleeping Computer have observed a weird behavior in the script's mode of operation. Not all users accessing these sites will receive a copy of the Coinhive-infected LiveHelpNow script from the get-go. The script loads at random, and you may need to refresh the page before the cryptojacking behavior starts.


"Not sure they are trying to be stealthy or rate limiting of some kind or something," Mursch told Bleeping Computer.


Nonetheless, the cryptojacking behavior (abusive mining of cryptocurrencies inside browsers without users' consent) is untethered, meaning the script will gobble up all the available CPU resources, driving CPU usage to 100% and producing unnecessary wear and tear on visitors' computers.

Overall, cryptojacking has been the most popular malware trend this fall. Malwarebytes ranked a "cryptojacking gold rush" as the number one security prediction for 2018.
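Added example, not part of the original post or of any LiveHelpNow or Coinhive code: because the article says the altered widget script is served only on some page loads, a site owner auditing a third-party script should compare several fetches of the same URL rather than one. The sketch below does that over constructed sample bodies; the widget code, `importMiner` and the site key are hypothetical placeholders, and the markers are strings publicly associated with the Coinhive miner.

```javascript
// Strings publicly associated with the Coinhive in-browser miner.
const MINER_MARKERS = [
  /coinhive(\.min)?\.js/i,
  /CoinHive\.(Anonymous|User)\s*\(/,
  /coin-hive\.com|coinhive\.com/i,
];

// Return the source of every marker pattern that matches one script body.
function findMinerMarkers(body) {
  return MINER_MARKERS.filter((re) => re.test(body)).map((re) => re.source);
}

// Analyse several fetches of the SAME script URL (bodies collected on
// repeated page loads). A single fetch can miss intermittent serving.
function analyseSamples(samples) {
  const variants = new Map(); // distinct body -> { count, markers }
  for (const body of samples) {
    const v = variants.get(body) || { count: 0, markers: findMinerMarkers(body) };
    v.count += 1;
    variants.set(body, v);
  }
  const flagged = [...variants.values()].filter((v) => v.markers.length > 0);
  const hits = flagged.reduce((n, v) => n + v.count, 0);
  let verdict = 'clean';
  if (hits > 0) verdict = 'miner-suspected';
  else if (variants.size > 1) verdict = 'drift'; // content changes, no marker
  return {
    fetches: samples.length,
    distinctVariants: variants.size,
    flaggedFetches: hits,
    intermittent: hits > 0 && hits < samples.length,
    verdict,
  };
}

// Constructed sample bodies (hypothetical widget code, placeholder key).
const CLEAN = 'window.chatWidget={open:function(){/* ... */}};';
const TAMPERED = CLEAN +
  '/* injected */ importMiner("https://coinhive.com/lib/coinhive.min.js");' +
  'new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER");';
const SAMPLES = [CLEAN, CLEAN, TAMPERED, CLEAN, TAMPERED];

console.log(analyseSamples(SAMPLES));
```

A `drift` verdict (the body changes between fetches with no known marker) is still worth a manual review, since a marker list only catches miners it already knows about.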
 