New ways to monetize hacked web resources

There have always been a lot of ways to get profit from a hacked site. However, cyber crime is not far behind the progress and uses advanced technological methods for illegal earnings.



Previously known monetization methods were:

• selling shell on a hacked site;
• installation of a bunch of exploits;
• installation of scripts, links exchanges, etc .;
• black SEO;
• sale of information (DB).

With the increasing popularity of cryptocurrency, attackers began to use hacked servers for illegal mining. After hacking the web application and gaining access to the web server, the attacker installed a “hidden” miner, such as agentx, CPUMiner-Multi, or their clones / forks.

')

If the attacker was impudent, and used all the powers of the hacked server for mining, he was quickly calculated from the server load.



A recent example:

The victims were multibillion-dollar companies Aviva and Gemalto, but hackers were not interested in their corporate data. The attackers needed only the power for the extraction of cryptocurrency.

But progress does not stand still, a new way of mining has appeared - using embedded javascript, I use the power of customers.



One of these sites offering ready-made code is *** hive.com.

*** hive offers JavaScript miner for mining Monero, which you can embed on your site. Your users run the miner directly in their browser, which allows you to use the site without advertising, but at the same time earning revenue.

The attackers decided to take advantage of the new technology of profit - it’s quite easy to insert the js code, it does not create a burden on the hosting and is not (practically) determined by antivirus tools. The more visitors to the site, the greater the potential income of attackers.







The screenshot shows a fragment of a hacked web application code containing a js crypto miner. (For the screenshot, thanks to Grigory Zemskov's revisium ).



It is worth noting that not only attackers use this technology without warning users that their computing resources will be used for crypto-mining.

Torrent tracker The Pirate Bay has added a JavaScript miner to the code of its pages. In the evening of September 16, this was noticed by users of the resource, who were faced with a dramatically increased load on the processor when visiting the “pirate bay”. Later it turned out that in this way the site administration was testing a new way of making money.

The way to make money without warning the user is rather doubtful. But if the site you visit every day chooses such a monetization scheme - will you share your resources?