Crypto Mining Malware Has Plummeted Since Coinhive Closure

Along with crypto prices, mining malware has also tanked recently but not because of the bear market. According to new research the chances of your browser being hijacked are far lower now that one major crypto scourge has gone offline.

Cyber security firm Malwarebytes has revealed that crypto mining attacks have plummeted by 79 percent compared to the same time a year ago. The report added that the primary reason for the decline was the closure of Coinhive last month.

“Marked by the popular drive-by mining company CoinHive shutting down operations in early March, consumer cryptomining seems to have gone the way of the dodo. Detections of consumer-focused Bitcoin miners have dropped significantly over the last year and even from last quarter,” it added.

Coinhive allowed webmasters to install a script that would harness the computing resources of anyone viewing the website, often without their knowledge. This would enable them to make a little extra revenue by mining Monero on the sly. As Coinhive grew, antivirus companies started blocking the scripts which became hugely popular in 2017 and 2018.

Since then however Malwarebytes has said that numbers have fallen dramatically; “We went from tens of millions of blocks to an estimated two million per day,” the firm told PC Mag. Coinhive announced its demise in February this year citing the ongoing bear market and increased difficulties in mining Monero due to the latest XMR hark fork. Similar research suggests that the profitability in Monero mining has fallen significantly along with its prices. At the time of writing XMR was trading at $62, a long way down from its peak of almost $500.

A number of similar scripts have since appeared that emulate Coinhive. Instead of targeting compromised websites new versions such as CoinIMP and CryptoLoot are using torrent portals or file hosting services. In February a fake version of Metamask was found lurking on the Google Play Store. According to security firm Check Point, Coinhive scripts could be revived if crypto prices skyrocket again;

“Despite its closure, the Coinhive JavaScript code is still in place on many websites. No mining is taking place, but if the value of Monero increases significantly, it is possible that Coinhive may come back to life,”

Ledger Detects Desktop Malware

In a related story crypto wallet provider Ledger has detected malware that targets its desktop application. The firm warned users that the malware replaces the genuine software with a malicious version that asks for users to enter their 24 word passphrase after a bogus update.

At the time only Windows machines appeared to be infected and the malware does not mine or steal cryptocurrency. It attempts to use social engineering to lure users into giving up their passphrase.