Cryptojacking attack hits 4,000 websites

Cryptojacking attack hits 4,000 Websites

Cryptojacking is becoming the biggest cyber threat lately, affecting thousands of websites including the government ones too.

Cryptojacking is a process in which anonymous hackers inject a piece of JavaScript into websites and secretly mine cryptocurrencies using the site’s visitors’ CPU.

Thousands of websites around the world are invaded by cryptojackers however some of the unusual infected sites include the ones by the UK’s ICO (Information Commissioner’s Office) and NHS (National Health Service) and US’ federal judiciary.

When sites like UK’s ICO which is the national data protector and privacy watchdog gets infected by the malware, no wonder ordinary sites offer this malicious cryptocurrency mining software on their platforms.

Security researcher, Scott Helme, pointed out the issue on Sunday via Twitter.

Helme noted that all the affected sites used a fairly popular plug-in called Browsealoud made by a UK company, Texthelp. Browsealoud was the main source of infection.

Browsealoud is a web screen reader that reads web pages for blind and partially sighted people. So every website – including government websites in the UK, US and Australia – that used Browsealoud served the malware.

“If you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the 1 website that they all load content from,” wrote Helme in his blog regarding the attack.

Attackers simply injected a cryptocurrency mining script in the JavaScript library of Browsealoud, offering CoinHive’s Monero miner to some 4000 websites.

CoinHive is the service behind the malware which is designed to mine the Monero cryptocurrency.

Texthelp confirmed in a statement that it was compromised by anonymous attackers and said it is investigating the matter.

“At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyber attack,” the statement read.

The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency.  This was a criminal act and a thorough investigation is currently underway.”

Texthelp claimed that the malicious crypto miner was up on Sunday, only for four hours until the company pulled Browsealoud offline.

Texthelp also claimed that no customer data was affected by the attack. The company “examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers CPUs to attempt to generate cryptocurrency”.

Soon after Helme flagged the attack, the ICO website went offline on Sunday.

“We are aware of the issue and are working to resolve it. We have taken our website down as a precautionary measure whilst this is done,” said an ICO spokesperson.

The UK’s National Cyber Security Center took notice of the incident and issued a statement on Sunday. The statement reads:

NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.

The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely.

At this stage, there is nothing to suggest that members of the public are at risk.

ICO is being highly criticized for being such an easy target for the malware though being a government website. If the national watchdog can be infected this easily then why can’t anyone else? Cryptojacking is spreading like fire in a jungle and can definitely become a very serious problem in the future.

Also Read: YouTube served ads being used to mine cryptocurrency

What do you think?

0 points
Upvote Downvote

Total votes: 0

Upvotes: 0

Upvotes percentage: 0.000000%

Downvotes: 0

Downvotes percentage: 0.000000%

Uber and Waymo Settle Lawsuit for $245 Million

Uber and Waymo Settle Lawsuit for $245 Million

Whatsapp Rolls Out its First Digital Payment Feature In India

Whatsapp Rolls Out its First Digital Payment Feature In India