In-Store WiFi Provider Used Starbucks Website to Generate Monero Coins

Por Wagas em 11/12/2017 no site de HackRead

The value of Bitcoin is increasing rapidly making it almost impossible for most of the world to invest and that is why users are trying to invest or mine other currencies including Monero digital coin which is around USD 265.

Starbucks And CoinHive Code

On December 2nd, a Twitter user Noah Dinkin sent out a screenshot that showed coffee giant Starbucks’ reward site for Argentina was using CoinHive’s code to generate Monero coins by using CPU power of site’s visitors. In this case, Starbucks’ customers.

In his tweet, Dinkin mentioned that the culprit behind this scheme could be the company’s in-store WiFi provider. However, for last few months cybercriminals have been hacking websitesto place CoinHive code secretly. In fact, just a few days ago researchers identified more than 5,000 sites that were hijacked to insert CoinHive code yet Starbucks direct involvement is still unclear.

Noah Dinkin@imnoah

Hi @Starbucks @StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10 second delay when you first connect to the wifi so it can mine bitcoin using a customer's laptop? Feels a little off-brand.. cc @GMFlickingerpic.twitter.com/VkVVdSfUtT

11:22 AM - Dec 2, 2017

•  8282 Replies
 
 1,611
• 1,611 Retweets
 
 1,807
• 1,807 likes

Twitter Ads info and privacy

“Hi, @Starbucks @StarbucksAr did you know that your in-store wifi provider in Buenos Aires forces a 10-second delay when you first connect to the wifi so it can mine bitcoin using a customer’s laptop? Feels a little off-brand.. cc @GMFlickinger,” the tweet said.

Image credit: @imnoah/Twitter

Starbucks is popular for providing free WiFi access to its customers while its reward program lets customers earn reward stars based on the amount of money they spend at Starbucks. But little did the Argentinian customers know that CPU power of their devices was being used to generate Monero coins.

As of now, there has been no response from Starbucks but for customers, the lesson is there is no such thing as “free WiFi.”

How Does CoinHive Work

For those who are unaware of how CoinHive works, it is a company that provides cryptocurrency miner written in Javascript, which sends any coins mined by the browser to the owner of the website. Previously, ThePirateBay and CBS’s ShowTime websites were also caught using the code to generate Monero coins.

Although the general conception is that once a visitor closes the website using cryptocurrency miner, it stops mining however recently, researchers discovered that tons of sites keep using CPU power to mine even if users close the site tab.

Cloudflare Not Cool With Secret Miners

According to CloudFlare, using cryptocurrency mining code without informing users and not providing them the option to opt out is considered as malware. To highlight the seriousness of the matter, the company booted off one of its customers for secretly using cryptocurrency miner.

“Multiple domains in your account were injecting Coinhive mining code without notifying users. … We consider this to be malware, and as such, the account was suspended, and all domains removed from Cloudflare,” Cloudflare told its customer in October said.

Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser

Swati Khandelwal em29/11/2017 no site The Hacker News

Some websites have found using a simple yet effective technique to keep their cryptocurrency mining javascript secretly running in the background even when you close your web browser.

Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor's PC to mine Bitcoin or other cryptocurrencies.

After the world's most popular torrent download website, The Pirate Bay, caught secretly using Coinhive, a browser-based cryptocurrency miner service, on its site last month, thousands of other websites also started using the service as an alternative monetization model to banner ads.

However, websites using such crypto-miner services can mine cryptocurrencies as long as you're on their site. Once you close the browser window, they lost access to your processor and associated resources, which eventually stops mining.

Unfortunately, this is not the case anymore.

Security researchers from anti-malware provider Malwarebytes have found that some websites have discovered a clever trick to keep their cryptocurrency mining software running in the background even when you have closed the offending browser window.

How Does This Browser Technique Work?

According to a blog post published Wednesday morning by Malwarebytes, the new technique works by opening a hidden pop-under browser window that fits behind the taskbar and hides behind the clock on your Microsoft's Windows computer.

From there (hidden from your view), the website runs the crypto-miner code that indefinitely generates cryptocurrency for the person controlling the site while eating up CPU cycles and power from your computer until and unless you notice the window and close it.

Researchers say this technique is a lot harder to identify and able to bypass most ad-blockers because of how cleverly it hides itself. The crypto-miner runs from a crypto-mining engine hosted by Amazon Web Servers.

"This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself," Jérôme Segura, Malwarebytes' Lead Malware Intelligence Analyst, says in the post. "Closing the browser using the "X" is no longer sufficient."

To keep itself unidentified, the code running in the hidden browser always takes care of the maximum CPU usage and maintains threshold to a medium level.

You can also have a look at the animated GIF image that shows how this clever trick works.

This technique works on the latest version of Google's Chrome web browser running on the most recent versions of Microsoft's Windows 7 and Windows 10.

How to Block Hidden Cryptocurrency Miners

If you suspect your computer CPU is running a little harder than usual, just look for any browser windows in the taskbar. If you find any browser icon there, your computer is running a crypto-miner. Now simply, kill it.

More technical users can run Task Manager on their computer to ensure there is no remnant running browser processes and terminate them.

Since web browsers themselves currently are not blocking cryptocurrency miners neither does the integrated Windows Defender antivirus software, you can use antivirus programs that automatically block cryptocurrency miners on web pages you visit.

For this, you can contact your antivirus provider to check if they do.

Alternatively, you can make use of web browser extensions, like No Coin, that automatically block in-browser cryptocurrency miners for you, and regularly update themselves with new mining scripts that come out.

Created by developer Rafael Keramidas, No Coin is an open source extension that blocks Coin Hive and other similar cryptocurrency miners and is available for Google Chrome, Mozilla Firefox, and Opera.

No Coin currently does not support Microsoft Edge, Apple Safari, and Internet Explorer. So, those using one of these browsers can use an antimalware program that blocks cryptocurrency miners.