Web Mining Detector now uncovers connections to Crypto-Loot platform

Delaware, USA – October 10, 2017 – Following the recent launch of a new platform that provides JavaScript cryptocurrency miners for integration into web pages, the Web Mining Detector SIEM use case has been updated to version 1.1. It now contains all the indicators of compromise needed to detect any connections to this platform. The Crypto-Loot service is almost identical to the infamous Coinhive, except for a more attractive revenue share. Both services work with the Monero cryptocurrency, but Coinhive gives its customers 70% of revenue, while Crypto-Loot gives as much as 88%. Obviously, a new player in this business is trying to gain a foothold and take away Coinhive’s customers. The number of such platforms may soon rise, but for now we should expect an increase in the number of sites whose administrators want to make some coins from visitors’ CPUs. These services are already used by some Tor2Web proxies; in addition, there is a report that several “smart” persons experimented with inserting cryptocurrency miners into GTA5 mods.

It is also likely that the number of hacks that inject cryptocurrency miners into popular websites will grow. This kind of cybercrime is trendy now. For example, researchers from RedLock found that attackers hacked into AWS at several large companies (the hacking of Aviva and Gemalto has been confirmed) in order to steal their processing power for Bitcoin mining.

Web Mining Detector for ArcSight allows your SIEM to uncover connections to mining platforms and warns administrators about possible performance issues on certain assets.