The Coinhive crypto mining code has been recently detected on more than 300 government and university websites worldwide, cyber security researcher Troy Mursch reported Saturday, May 5. According to the report, all the affected websites are using a vulnerable version of the Drupal content management system.
According to Mursch, this recent “high-profile” case of cryptojacking – the use of another’s device to mine crypto without their knowledge – infected 348 websites, including such websites as The National Labor Relations Board, a U.S. federal agency, and the Lenovo user account website.
As Mursch discovered, most of affected sites’ domains were in the U.S. and mainly hosted on Amazon. The full list of infected websites is attached to the original report.
Since its creation in 2017, malicious deployment of the Coinhive miner have led to it becoming the number one “Most Wanted Malware”, according to a Jan. 2018 report.
Coinhive has in fact been used as an alternative for online ads, which can be less malicious but still misleading, by high-profile brands such as Salon and The Pirate Bay.
Back in January, Cointelegraph reported a massive cryptojacking incident that caused 55 percent of online businesses, including Youtube, to unknowingly run crypto miners on websites via the Google DoubleClick advertising platform. According to the report, 90 percent of the ads were using the Coinhive miner.