Additionally, CoinHive provides a “URL shortener” service that lets users create a short link for any URL. Unlike similar services, this one introduces a delay so that it can mine Monero cryptocurrency for an interval of time before redirecting users to the original URL.
As the redirection time is adjustable via CoinHive’s settings, the crooks can force visitors’ web browsers to mine cryptocurrency for a longer period.
Security researchers found that numerous legitimate websites have been hacked to load short URLs generated using the CoinHive service through a hidden HTML iframe. By doing so, the crooks attempted to force visitors’ browsers into mining cryptocurrencies.
The security experts linked this latest campaign to a malware campaign documented by Sucuri researchers in May of this year.
In addition, the crooks inject hyperlinks to other compromised websites to trick victims into downloading desktop cryptocurrency miners disguised as legitimate software.
“In this campaign, we see infrastructure used to push an XMRig miner onto users by tricking them into downloading files they were searching for online,” the security experts say.
“In the meantime, hacked servers are instructed to download and run a Linux miner, generating profits for the perpetrators but incurring costs for their owners.”
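For site owners checking their own pages for the hidden-iframe injection described above, the following added example (not code from the researchers or from CoinHive) flags iframes that are both invisible and pointed at a short-link host. The host `short.example`, the function names and the sample markup are assumptions made for illustration; the article does not name the short-link domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

SHORTENER_HOSTS = {"short.example"}  # placeholder (assumption): article names no domain
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
DIM_CSS = re.compile(r"(?<![-\w])(width|height)\s*:\s*([^;]+)", re.I)
TINY = re.compile(r"^\s*[01](?:px)?\s*$", re.I)

def is_hidden(attrs):
    """True if the iframe cannot be seen: hidden attribute, CSS, or 0/1px size."""
    style = attrs.get("style") or ""
    if "hidden" in attrs or HIDDEN_CSS.search(style):
        return True
    dims = {k: attrs.get(k) or "" for k in ("width", "height")}
    for name, value in DIM_CSS.findall(style):  # sizes set in the style string
        dims[name.lower()] = value
    return any(TINY.match(v) for v in dims.values())

class HiddenIframeFinder(HTMLParser):
    def __init__(self, hosts):
        super().__init__()
        self.hosts = {h.lower() for h in hosts}
        self.findings = []  # (line number, src) pairs

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        # Match a listed host or any of its subdomains.
        listed = any(host == h or host.endswith("." + h) for h in self.hosts)
        if listed and is_hidden(a):
            self.findings.append((self.getpos()[0], src))

def find_hidden_shortener_iframes(html, hosts=SHORTENER_HOSTS):
    finder = HiddenIframeFinder(hosts)
    finder.feed(html)
    return finder.findings

# Constructed sample markup, not taken from any real site.
SAMPLE = """<iframe src="https://short.example/abc1" width="1" height="1"></iframe>
<iframe src="//short.example/abc2" style="display:none"></iframe>
<iframe src="https://short.example/abc3" width="560" height="315"></iframe>
<iframe src="https://video.example/embed/1" style="visibility:hidden"></iframe>"""

if __name__ == "__main__":
    print(find_hidden_shortener_iframes(SAMPLE))
```

The check only sees static markup; iframes created by injected script at load time need a rendered-DOM scan or file-integrity monitoring on the server.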