News & Publications

News / Media References

Please see here for our mentions in major news / media publications.


Peer-reviewed academic research publications

Identifying infected energy systems in the wild
Angelos Marnerides, Vasileios Giotsas, and Troy Mursch

A plethora of Mirai-like variants have emerged in the last two years that are capable to infiltrate any type of device. In this paper we provide a 7-month retrospective analysis of Internet-connected energy systems that are infected by Mirai-like malware variants. By utilizing network measurements from several Internet vantage points, we demonstrate that a number of energy systems on a global scale were infected during the period of our observation. Our work offers a first look in compromised energy systems by malware infections, and offers insights on the lack of proper security practices for systems that are increasingly dependent on internet services and more recently the IoT. In addition, we indicate that such systems were infected for relatively large periods, thus potentially remaining undetected by their corresponding organizational units.

View PDF copy

A first look at browser-based cryptojacking
Shayan Eskandari, Andreas Leoutsarakos, Troy Mursch, and Jeremy Clark

In this paper, we examine the recent trend towards in-browser mining of cryptocurrencies; in particular, the mining of Monero through Coinhive and similar code-bases. In addition, we conduct some measurements to establish its prevalence and profitability, outline an ethical framework for considering whether it should be classified as an attack or business opportunity, and make suggestions for the detection, mitigation and/or prevention of browser-based mining for non-consenting users.

View PDF copy


Bad Packets is featured, cited, or mentioned in the following publications.

AT&T ThreatTraq logo

AT&T ThreatTraqVulnerability in Cisco RV320, RV325 Routers

The AT&T ThreatTraq team discuss our findings regarding opportunistic scanning activity targeting vulnerable Cisco routers.

CTV News logo

CTV News Raising The Alarm About Cryptojacking

Bad Packets Report co-founder Troy Mursch spoke with CTV’s Scott Laurie and shared the basics of cryptojacking. What it is, how it happens, and how to prevent it.


The Wall Street Journal.

The Wall Street Journal – Your Computer May Be Making Bitcoin​ for Hackers


The Washington Post

The Washington Post – Hackers have turned Politifact’s website into a trap for your PC

The Washington Post – wants to use your PC to mine cryptocurrency


WIRED Magazine logo

WIRED – Your Browser Could Be Mining Cryptocurrency For a Stranger

WIRED – Hackers Hit Make-A-Wish Website With Cryptojacking Scheme

WIRED – Nationwide Bomb Threats Look Like A New Spin On An Old Bitcoin Scam

WIRED – When Facebook Goes Down, Don’t Blame Hackers

WIRED – Clever New DDoS Attack Gets a Lot of Bang for a Hacker’s Buck


Forbes logo

Forbes – Hackers Are Targeting D-Link Home Routers: Here’s How To Secure Yours

Forbes – Gmail, Netflix and PayPal Users Targeted In DNS Hijacking Campaign

Forbes – Firefox Extensions Are Broken — Here’s What To Do

Forbes – Facebook Changes The Way It Ranks Videos…And Other Small Business Tech News This Week


Krebs on Security logo

Krebs on Security – Website Flaw Let True Health Diagnostics Users View All Medical Records

Krebs on Security – Who and What Is Coinhive?

Krebs on Security – Who’s Behind the Screencam Extortion Scam?

Krebs on Security – Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight, Got Indicted

Krebs on Security – Crypto Mining Service Coinhive to Call it Quits

Krebs on Security – Booter Boss Interviewed in 2014 Pleads Guilty


ZDNet logo

ZDNet – Thousands of etcd installs are leaking secret server keys online

ZDNet – Over 115,000 Drupal sites still vulnerable to critical flaw

ZDNet – MikroTik routers enslaved in massive Coinhive cryptojacking campaign

ZDNet – A mysterious grey-hat is patching people’s outdated MikroTik routers

ZDNet – Cybercrime and malware, 2019 predictions

ZDNet – Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter

ZDNet – Chinese websites have been under attack for a week via a new PHP framework bug

ZDNet – Over 19,000 Orange modems are leaking WiFi credentials

ZDNet – Hackers are going after Cisco RV320/RV325 routers using a new exploit

ZDNet – It took hackers only three days to start exploiting latest Drupal bug

ZDNet – Coinhive cryptojacking service to shut down in March 2019

ZDNet – Operator of eight DDoS-for-hire services pleads guilty

ZDNet – Hackers have started attacks on Cisco RV110, RV130, and RV215 routers

ZDNet – New Mirai malware variant targets signage TVs and presentation systems

ZDNet – Cisco bungled RV320/RV325 patches, routers still exposed to hacks

ZDNet – Hacker group has been hijacking DNS traffic on D-Link routers for three months

ZDNet – Backdoor code found in popular Bootstrap-Sass Ruby library

ZDNet – A hacker is wiping Git repositories and asking for a ransom

ZDNet – Firefox add-ons disabled en masse after Mozilla certificate issue

ZDNet – Over 25,000 smart Linksys routers are leaking sensitive data

ZDNet – A botnet is brute-forcing over 1.5 million RDP servers all over the world

ZDNet – Oracle patches another actively-exploited WebLogic zero-day

ZDNet – Canonical GitHub account hacked, Ubuntu source code safe

ZDNet – Brazil is at the forefront of a new type of router attack

ZDNet – Security bugs in popular Cisco switch brand allow hackers to take over devices

ZDNet – Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs

ZDNet – A Chinese APT is now going after Pulse Secure and Fortinet VPN servers

ZDNet – Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites

ZDNet – Dutch police take down hornets’ nest of DDoS botnets


Daily Beast logo

The Daily BeastHow a High-School Dropout Hacked a Million Devices

Associated Press logo

Associated Press – How your smart fridge might be mining bitcoin for criminals


BBC logo

BBC – Salon magazine mines crypto-cash with readers’ PCs

BBC – Vision Direct hack puts customers’ money at risk



Ars Technica – Now even YouTube serves ads with CPU-draining cryptocurrency miners

Ars Technica – Thousands of servers found leaking 750MB worth of passwords and keys

Ars Technica – Drupal warns of new remote-code bug, the second in four weeks

Ars Technica – Hundreds of big-name sites hacked, converted into drive-by currency miners

Ars Technica – Three months later, a mass exploit of powerful Web servers continues

Ars Technica – Ongoing DNS hijackings target unpatched consumer routers

Ars Technica – >20,000 Linksys routers leak historic record of every device ever connected

Ars Technica – Hackers are actively trying to steal passwords from two widely used VPNs

Ars Technica – Critical vulnerability in vBulletin is being actively exploited


Yahoo! Finance logo

Yahoo! Finance – Cryptojacking still huge, but in decline, says new report

Yahoo! Finance – Malicious cryptojacking code found in 11 Ruby libraries



Fortune – Popular Google Chrome Extension Caught Mining Cryptocurrency on Thousands of Computers


TechCrunch logo

TechCrunch – Cryptojacking malware was secretly mining Monero on many government and university websites

TechCrunchVision Direct reveals breach that skimmed customer credit cards


Global News logo

Global News – Slow phone or computer? How to avoid getting ‘cryptojacked’



CBC News – ‘Cryptojacking’ hacker trend turns Canadians into cryptocurrency miners


Engadget logo

EngadgetOver 21,000 Linksys routers leaked their device connection histories


DailyMail logo

Daily Mail – Facebook says ‘server configuration change’ to blame for its biggest EVER blackout



PC Magazine – Political Fact-Checking Site Hacked to Mine Cryptocurrency

PC Magazine – Coinhive Tries to Appease Critics With Opt-in Crypto Miner

PC Magazine – Why Hackers Love Cryptocurrency Miner Coinhive

PC Magazine – Chrome Extension Hacked to Secretly Mine Cryptocurrency

PC Magazine – Cryptocurrency Miner invades 4,000 Sites Via Third-Party Tool

PC Magazine – Can Cryptocurrency Mining Save The Media Industry?

PC Magazine – 400 Websites Secretly Served Cryptocurrency Miners to Visitors

PC Magazine – 200K MikroTik Routers Exploited to Serve Cryptocurrency Miner

PC Magazine – Coinhive Cryptocurrency Mining Service to Shut Down


Threatpost logo

Threatpost – Cryptojacking Attack Found on Los Angeles Times Website

Threatpost – Ad Network Circumvents Ad-Blocking Tools To Run In-Browser Cryptojacker Scripts

Threatpost – Rarog Trojan ‘Easy Entry’ For New Cryptomining Crooks, Report Warns

Threatpost – Muhstik Botnet Exploits Highly Critical Drupal Bug

Threatpost – Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked

Threatpost – Drupalgeddon 2.0 Still Haunting 115K+ Sites

Threatpost – Newsmaker Interview: Troy Mursch on Why Cryptojacking Isn’t Going Away

Threatpost – Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

Threatpost – Thousands of MikroTik Routers Hijacked for Eavesdropping

Threatpost – VisionDirect Blindsided by Magecart in Data Breach

Threatpost – Newsmaker Interview: Troy Mursch on Top Botnet Trends

Threatpost – 19K Orange Livebox Modems Open to Attack

Threatpost – Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution

Threatpost – Hackers Abuse Google Cloud Platform to Attack D-Link Routers

Threatpost – New Mirai Samples Grow the Number of Processors Targets

Threatpost – Muhstik Botnet Variant Targets Just-Patched Oracle WebLogic Flaw

Threatpost – Forbes Becomes Latest Victim of Magecart Payment Card Skimmer

Threatpost – Wikipedia, World of Warcraft Downed By Weekend DDoS Attacks



The Next Web – CBS’s Showtime caught secretly stealing visitors’ CPU power to mine cryptocurrency

The Next Web – Researcher finds 50,000 sites infected with cryptocurrency mining malware

The Next Web – Google Play is hosting a disturbing amount of cryptocurrency malware

The Next Web – UNICEF wants your CPU power to mine cryptocurrency for children in Bangladesh

The Next Web – Nearly 400 Drupal sites infected with malware that secretly mines cryptocurrency

The Next Web – The US-China Association of Commerce site is running cryptocurrency mining malware

The Next Web – 200,000 routers in Brazil were secretly hijacked to mine cryptocurrency

The Next Web – Browser mining is generating over $250K worth of cryptocurrency every month

The Next Web – Twitter is now recommending users follow cryptocurrency scambots

The Next Web – Google Play promised to ban cryptocurrency mining apps, but we found tons

The Next Web – 30 days after the ban, Google Play still hosts cryptocurrency mining apps

The Next Web – The crypto-jacking epidemic continues, 280K infected routers detected to date

The Next Web – Monero slams crypto-jackers after mining malware hits government sites

The Next Web – Crypto-jacking epidemic spreads to 30K routers across India

The Next Web – 415,000 routers worldwide hijacked to secretly mine cryptocurrency

The Telegraph

The Telegraph – Cryptojacking: The hackers mining digital currencies from your computer



The Register – CBS’s Showtime caught mining crypto-coins in viewers’ web browsers

The Register – Real Mad-quid: Murky cryptojacking menace that smacked Ronaldo site grows

The Register – More and more websites are mining crypto-coins in your browser to pay their bills, line pockets

The Register – Pulitzer-winning website Politifact hacked to mine crypto-coins in browsers

The Register – Mirai, Mirai, pwn them all, who’s the greatest botnet on the whole?

The Register – What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-jacking miners

The Register – Crypto-jackers enlist Google Tag Manager to smuggle alt-coin miners

The Register – Guys, you’re killing us! LA Times homicide site hacked to mine crypto-coins on netizens’ PCs

The Register – Opt-in cryptomining script Coinhive ‘barely used’ say researchers

The Register – Cluster-f*ck! Etcd DBs spaff passwords, cloud keys to world by default

The Register – That Drupal bug you were told to patch weeks ago? Cryptominers hope you haven’t bothered

The Register – OMG, that’s downright Wicked: Botnet authors twist corpse of Mirai into new threats

The Register – Drupal drisputes dreport of widespread wide-open websites

The Register – Japanese Coinhive JS injector slapped with suspended sentence

The Register – Why is my cheapo Android red hot and switching off Wi-Fi?

The Register – Sextortion scum armed with leaked credentials are persistent pests

The Register – Miscreants sweep internet for unpatched Cisco kit, fears over bugged Chinese parts, Roger Stone nabbed…

The Register – Bank-card-slurping malware sneaks into Forbes’ mag subscription website

The Register – CIA traitor spy thrown in the clink for selling secrets to China. Stack Overflow, TeamViewer admit: We were hacked…



Bleeping Computer – The Internet Is Rife With In-Browser Miners and It’s Getting Worse Each Day

Bleeping Computer – Cryptojacking Craze: Malwarebytes Says It Blocks 8 Million Requests per Day

Bleeping Computer – Cookie Consent Script Drops In-Browser Cryptocurrency Miner

Bleeping Computer – Cryptojacking Script Found in Live Help Widget, Impacts Around 1,500 Sites

Bleeping Computer – Mirai Activity Picks up Once More After Publication of PoC Exploit Code

Bleeping Computer – Cryptojackers Found on Starbucks WiFi Network, GitHub, Pirate Streaming Sites

Bleeping Computer – Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

Bleeping Computer – Using the Chrome Task Manager to Find In-Browser Miners

Bleeping Computer – Firefox Working on Protection Against In-Browser Cryptojacking Scripts

Bleeping Computer – Unicef’s TheHopepage May Be the First Good Use of In-Browser Mining

Bleeping Computer – Drupal Sites Fall Victims to Cryptojacking Campaigns

Bleeping Computer – Google Agrees to Pay $11 Million to Owners of Suspended AdSense Accounts

Bleeping Computer – Two Months Later, Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon 2

Bleeping Computer – You Can File Complaints About Cryptojacking With the FTC

Bleeping Computer – Massive Coinhive Cryptojacking Campaign Touches Over 200,000 MikroTik Routers

Bleeping Computer – Coinhive Raking In Over $250,000 per Month From In-Browser Cryptomining

Bleeping Computer – Mirai IoT Malware Uses Aboriginal Linux to Target Multiple Platforms

Bleeping Computer – Over 3,700 MikroTik Routers Abused In CryptoJacking Campaigns

Bleeping Computer – VisionDirect Data Breach Caused by MageCart Attack

Bleeping Computer – Orange LiveBox Modems Targeted for SSID and WiFi Info

Bleeping Computer – Hackers Targeting Cisco RV320/RV325 Routers Using New Exploits

Bleeping Computer – Coinhive In-Browser Cryptomining Service Shuts Down on March 8

Bleeping Computer – Cisco Botches Fix for RV320, RV325 Routers, Just Blocks ‘curl’ User Agent

Bleeping Computer – Confluence Servers Hacked to Install Miners and Rootkits

Bleeping Computer – Linksys Smart Wi-Fi Routers Leak Info of Connected Devices

Bleeping Computer – Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site

Bleeping Computer – Botnet Uses Recent vBulletin Exploit to Block Other Hackers


The Vergo logo

The Verge Popular ‘cryptojacking’ service Coinhive will shut down next week


IBT logo

International Business Times – Hackers covertly hide code on Politifact to hijack your PC, secretly mine cryptocurrencies

International Business Times – Popular Chrome extension with over 105,000 users found secretly mining cryptocurrency

International Business Times – Salon to readers: Let us use your PC to mine cryptocurrency in exchange for an ad-free website

International Business Times – Mozilla Firefox Will Block Cryptocurrency Mining Malware Scripts From Web Browser


Newsweek en Español logo

Newsweek en Español – SEP, UNAM y la Liga MX, fueron intervenidas para generar dinero con un código malicioso (SEP, UNAM and Liga MX, were intervened to generate money with a malicious code)


The Hacker News Logo

The Hacker News – Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit

The Hacker News – Hackers Infect Over 200,000 MikroTik Routers With Crypto Mining Malware

The Hacker News – New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide


Avast Blog

Avast Blog – MikroTik mayhem: Cryptomining campaign abusing routers

Avast Blog – The End of Coinhive; The end of cryptojacking?


Marion Star logo

Marion Star – Researcher: Marion website was infected, site visitors exploited for digital money


La Stampa – Truffe, crimini e ricatti online: dove nascono, come funzionano e perché sono difficili da fermare (Scams, crimes and blackmail online: where they are born, how they work and why they are difficult to stop)

La Stampa – Qualcuno potrebbe minare criptovalute col tuo browser, ecco come funziona il fenomeno (Someone could Mine cryptocurrencies with your browser, here’s how the phenomenon works)

AppleInsider Logo

AppleInsider– 25,000 Linksys routers are reportedly leaking details of any device that has ever connected to it


TechRepublic logo

TechRepublic – L.A. Times website injected with Monero cryptocurrency mining script

TechRepublic – Drupalgeddon 2 wreaking havoc on 900+ sites because IT still hasn’t applied updates

TechRepublic – Certificate issue disabling add-ons in Firefox and Tor Browser finally fixed


Tripwire logo

Tripwire – LA Times homicide website throttles cryptojacking attack


Infosecurity Mag logo

Infosecurity Magazine – LA Times Hit with Crypto-Mining Software

Infosecurity Magazine – Crypto Crime: Hunting for Cryptocurrency Mining in Your Enterprise (Webinar)

Infosecurity Magazine – Nearly 20,000 Orange Modems Leaking Wi-Fi Passwords

Infosecurity Magazine – Attackers Target Home Routers with DNS Hijacking

Infosecurity Magazine – Forbes Site Up, Then Down Again after Magecart Attack


HelpNetSecurity logo

Help Net SecurityCompromised MikroTik routers power extensive cryptojacking campaign

Help Net SecurityCisco botched patches for its RV320/RV325 routers

Help Net SecurityConsumer routers targeted by DNS hijacking attackers

Help Net SecurityAttackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs


BGR logo

BGRThousands of Linksys routers leaked detailed device connection records



BankInfoSecurity – Cryptojacking: Mitigating the Impact

BankInfoSecurity – Hacked MicroTik Routers Serve Cryptocurrency-Mining Malware

BankInfoSecurity – Magecart Spies Payment Cards From Retailer Vision Direct

BankInfoSecurity – Hackers Target Fresh Drupal CMS Flaw to Infiltrate Sites

BankInfoSecurity – Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs

BankInfoSecurity – Chinese APT Group Began Targeting SSL VPN Flaws in July


The Daily Swig logo

The Daily Swig – Google begins enforcing JavaScript for logins

The Daily Swig – Vision Direct poked in the eye by credit card breach

The Daily Swig – Information disclosure vulnerability impacts 25,000 Linksys routers


TechRadar logo

TechRadar – More than 20,000 Linksys routers hit by serious security exploit


Naked Security Logo

Naked Security – Unsecured AWS led to cryptojacking attack on LA Times

Naked Security – Shodan and passwords sitting in a tree, S-H-O-W-I-N-G!


CoinDesk logo

CoinDesk – ‘Cryptojacking’ Software Attack Hits Hundreds of Websites


Liftr News logo

Liftr News – Report: Cryptojacking Trend Hits LA Times


Security Now! logo

Security Now! – Episode #662 – Drupal Sites Fall Victims to Cryptojacking Campaigns

Security Now! – Episode #667 – Drupalgeddon2 appears to be a fixture of the Internet

Security Now! – Episode #699 – Over 9,000 Cisco RV320/RV325 routers are vulnerable to CVE-2019-1653

Security Now! – Episode #729 – The mixed-Blessing of “Wide Open” Source projects…


DataBreachToday logo

DataBreachToday – Cryptocurrency Miners Exploit Widespread Drupal Flaw

DataBreachToday – Websites Still Under Siege After ‘Drupalgeddon’ Redux

DataBreachToday – Cryptojackers Keep Hacking Unpatched MikroTik Routers

DataBreachToday – Surge in JavaScript Sniffing Attacks Continues

DataBreachToday – Unpatched VPN Servers Targeted by Nation-State Attackers

DataBreachToday – NSA Is Latest Intelligence Agency to Sound VPN Patch Alarm


DarkReading logo

Dark Reading – Cryptojacking Threat Continues to Rise

Dark Reading – 5 Steps to Fight Unauthorized Cryptomining

Dark Reading – Cisco Router Vulnerability Gives Window into Researchers’ World

Dark Reading – Ongoing DNS Hijack Attack Hits Consumer Modems and Routers



New Scientist – You may be making cryptocurrency for hackers without realising


Techdirt logo

Techdirt – Covert Cryptocurrency Miners Quickly Become A Major Problem

Techdirt – Cryptocurrency Mining Company Coinhive Shocked To Learn Its Product Is Being Abused


Business Insider logo

Business Insider – A hacker has been using the Los Angeles Times’ website to mine the cryptocurrency Monero

Business Insider – If your computer has slowed, you might be mining crypto coins for someone else — here’s how to stop it



CSO – What is cryptojacking? How to prevent, detect, and recover from it

CSO – How to detect and prevent crypto mining malware

CSO – Don’t Let Your Website Become A Crypto Goldmine For Hackers

CSO – Cisco business routers targeted after patch, at least 9,000 vulnerable



WeLiveSecurity – US and UK government websites hijacked to mine cryptocurrency on visitors’ machines

WeLiveSecurity – Coinhive cryptocurrency miner to call it a day next week



BTCMANAGER – Cryptojacking Strikes Again! Hackers Target Government Websites to Mine Monero

BTCMANAGER – Monero Mikrotik Madness: Carrier-Grade Cryptojacking Scheme

BTCMANAGER – Hackers Unfazed by Crypto Price Crash as they Double Down on Wallet Attacks


Mashable logo

Mashable – Chrome extension is secretly mining cryptocurrency



Motherboard – ‘One of the Biggest’ Coinhive Users Made $7.69 In 3 Months


SC Media logo

SC Media – Cryptojacking campaign hits 400 Drupal-based sites, many run by governments and universities

SC Media – 2018 – The year that was: Top Cyberthreats

SC Media – Attackers scanning unpatched Cisco small business routers after exploit code published

SC Media – Cisco may have released a faulty patch in most recent update

SC Media – Cybercriminals launch attacks on home routers via Google Cloud Platform

SC Media – More than 25,000 Linksys Smart Wi-Fi Routers leaking data

SC Media – D-Link wireless modems found to leak passwords


SecurityIntelligence logo

SecurityIntelligence – Does the Rise of Crypto-Mining Malware Mean the End of Ransomware?



TechTarget – New cloud threats as attackers embrace the power of cloud



HackRead – After The Pirate Bay, Showtime Websites Also Found Mining Cryptocoins

HackRead – Chrome Extension with 105,000 installs is a Cryptocurrency Miner

HackRead – Hackers are using YouTube Ads to Mine Monero Cryptocurrency

HackRead – LA Times website hacked to mine Monero cryptocurrency

HackRead – Cryptojacking campaign hits 400 Drupal-based sites, many run by governments and universities

HackRead – The Pirate Bay is silently mining cryptocurrency without user consent

HackRead – VisionDirect hacked: Hackers infect domains with malicious Google Analytics code

HackRead – The Pirate Bay was caught twice secretly mining Monero cryptocurrency using Javascript powered by Coinhive.


Tom's Guide logo
Tom’s Guide
These D-Link Routers Are Under Attack: What to Do

Tom’s GuideThousands of Linksys Routers Leaking Sensitive Data: What to Do Now



Security Boulevard – 5 Cryptojacking Consequences CISOs Can’t Ignore

Security Boulevard – Coinhive to shut down all its cryptojacking services on March 8!

Security Boulevard – Cisco merely blacklisted a curl instead of actually fixing the vulnerable code for RV320 and RV325

Security Boulevard – Git Code Repos Held to Ransom – Thousands Hacked

Security Boulevard – Attackers wiped many GitHub, GitLab, and Bitbucket repos with ‘compromised’ valid credentials leaving behind a ransom note

Security Boulevard – Forbes subscribers warned of Magecart threat skimming credit card details

Security Boulevard – Egyptian DDoS Campaign Observations

Security Boulevard – A zero-day pre-auth vulnerability is currently being exploited in vBulletin, reports an anonymous researcher


SmarterMSP logo

SmarterMSP – Threat Watch: Cryptojacking


Tom's Hardware logo

Tom’s Hardware – Showtime Uses Online Viewers’ CPUs To Mine Cryptocurrency

Tom’s Hardware – The Rise Of Cryptojacking And How To Stop It


Gizmodo en Español logo

Gizmodo en Español‏ – Es una plaga: Movistar infecta “por error” su propia web para minar criptomonedas a través de sus usuarios (It’s a plague: Movistar infects its own website “by mistake” to mine cryptocurrencies through its users)



CriptoNoticias – “No hay que tomarse los mineros web a la ligera” asegura Troy Mursch, investigador de ciberseguridad (We shouldn’t take web miners lightly,” says Troy Mursch, cybersecurity researcher.)

CriptoNoticias – Página web de Movistar España minaba monero de sus usuarios con Coinhive (Movistar Spain web page mines Monero from its users with Coinhive)

CriptoNoticias – Un nuevo modelo de negocios: portal de noticias utiliza CoinHive con consentimiento de sus usuarios (A new business model: News portal uses Coinhive with the consent of its users)


Inverse logo

Inverse – Chrome Extension Secretly Used People’s Computers to Mine Cryptocurrency

Inverse – Tesla Latest Victim of Cryptojacking Attack, and More Could Come Soon

Inverse – Cryptojacking Attacks Continue as “Los Angeles Times” Falls Prey to Hackers

Inverse – Why This Cryptocurrency Mining Calendar App Wasn’t Such a Great Idea



Heise online – Chrome-Extension Archive Poster sammelt heimlich Kryptowährung (Chrome Extension Archive Poster secretly collects cryptocurrency)

Heise online – Drupal-Lücken: Lenovo versäumt Webseiten-Update und fängt sich Krypto-Miner ein (Drupal Gaps: Lenovo fails website update and captures crypto-miner)

Heise online – Jetzt patchen! Angreifer machen Jagd auf Cisco-Router (Patch now! Attackers hunt down Cisco routers)

Heise online – 20.000 Linksys-Router leaken angeblich Daten von verbundenen Geräten (20,000 Linksys routers are reportedly leaking data from connected devices)

Heise online – Jetzt patchen! Attacken auf VPN-Server mit Pulse Connect Secure (Patch now! Attacks on VPN server with Pulse Connect Secure) – Proxy-Server fügen Kryptominer ein (Proxy servers add cryptominer)


Cointelegraph – ‘Attack Or Business Opportunity?’: Academics Question Ethics Of Coinhive Cryptojacking

Cointelegraph – Coinhive Code Found On 300+ Websites Worldwide In Recent Cryptojacking Campaign

Cointelegraph – Report: Number of Routers Affected by Crypto Malware Doubled Since August, Reaching 415K


Security Affairs – A new Mirai variant is rapidly spreading, around 100,000 IPs running the scans in the past 60 hours

Security Affairs – Over 115,000 Drupal Sites still vulnerable to Drupalgeddon2, a gift to crooks

Security Affairs – Thousands of unpatched MikroTik Routers are involved in new cryptocurrency mining campaigns

Security Affairs – Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Security Affairs – Hackers are targeting Cisco RV320/RV325, over 9K routers exposed online

Security Affairs – Initial fixes for Cisco RV320 and RV325 routers were incomplete

Security Affairs – DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Security Affairs – Magecart hackers inject card Skimmer in Forbes Subscription Site

Security Affairs – Internet scans found nearly one million systems vulnerable to BlueKeep

Security Affairs – Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

Security Affairs – Botnet exploits recent vBulletin flaw to protect its bots


BizTech – How Cryptojacking Could Harm Your IT Environment


ExtremeTech – Showtime Caught Mining Cryptocurrency With Viewers’ PCs


Complex – Showtime’s Website Might Have Been Hacked to Mine Cryptocoin



PQ 148: How To Monitor Cryptojacking With Paessler PRTG

Episode 15: Special Guest Troy Mursch AKA “Bad Packets”, BatchOverflow, Route53 BGP Hijack, and a New Vulnerability in Equihash Mining Pools

Threatpost Podcast – Bad Packets Report Founder on Rising Cryptojacking Attacks

The Security Ledger – Podcast Episode 116: Cryptojacking and MikroTik’s Bad-Feeling Feel Good Patch Story



Crypto Crime: Hunting for Cryptocurrency Mining in Your Enterprise

Bad Packets Cofounder Troy Mursch discusses the key factors contributing to the rise of malicious cryptocurrency mining, the symptoms of cryptojacking, and brief history of the topic in this webinar hosted by Infosecurity Magazine.


Guest Blogs


Case studies

PRTG: Helping A Leading Independent Security Analyst Detect And Prevent Cryptojacking

In this case study, presented by Paessler, I document my use of PRTG to detect and monitor high-profile websites infected with cryptojacking malware.

View PDF copy



No Incident Unnoticed: Interview with Troy Mursch from Bad Packets Report