Malware mining cryptocurrency hits government sites
Over the past few months, websites and servers have been repeated targets of malware that forces visitors' web browsers to secretly mine cryptocurrencies while they use the sites. Hackers have managed to compromise the Browsealoud plugin in some way and get it to run the crypto-mining code. Affected sites include those for Queensland government legislation, Queensland Urban Utilities, the Victorian parliament and South Australia’s City of Unley, according to iTnews.
“To take this one step further and ensure absolute protection, you can use Content Security Policy and the require-sri-for directive to make sure that no script is allowed to load on the page without an SRI integrity attribute.”
He said the bigger issue for site owners was that if they were putting third-party plugins on their website, they needed to do due diligence to ensure that the software they were installing was reputable.
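The Subresource Integrity (SRI) check named in the quote above, sketched as an added example that is not from the article or from Texthelp. It computes an integrity value for a script, shows that a modified copy no longer matches it, and lists the script tags that have no integrity attribute; the script bodies, URLs and page markup are constructed samples, and the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Build an SRI value ("sha384-<base64 digest>") for a script body.
function sriHash(body, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(body).digest('base64')}`;
}

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Approximate the browser's check: compare the fetched body against the
// hashes of the strongest algorithm listed in the integrity attribute.
// Assumption: an attribute with no usable hash is treated here as a failure.
function matchesIntegrity(body, integrity) {
  const parsed = integrity.trim().split(/\s+/)
    .map((t) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(t))
    .filter(Boolean);
  if (parsed.length === 0) return false;
  const best = Math.max(...parsed.map((m) => STRENGTH[m[1]]));
  return parsed
    .filter((m) => STRENGTH[m[1]] === best)
    .some((m) => crypto.createHash(m[1]).update(body).digest('base64') === m[2]);
}

// List <script src> tags that carry no integrity attribute, i.e. the loads a
// policy of "Content-Security-Policy: require-sri-for script" is meant to refuse.
// Simplified regex scan for illustration, not a full HTML parser.
function scriptsMissingSri(html) {
  const missing = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag);
    const hasSri = /\bintegrity\s*=\s*["'][^"']+["']/i.test(tag);
    if (src && !hasSri) missing.push(src[1]);
  }
  return missing;
}

// Constructed sample data (not the real plugin or any real site).
const ORIGINAL = 'window.readAloud = function () { /* plugin code */ };\n';
const TAMPERED = ORIGINAL + '/* code added by a third party */\n';
const PINNED = sriHash(ORIGINAL);
const PAGE = `<html><head>
<script src="https://plugin.example/reader.js" integrity="${PINNED}" crossorigin="anonymous"></script>
<script src="https://cdn.example/widget.js"></script>
</head></html>`;

console.log('original passes:', matchesIntegrity(ORIGINAL, PINNED));
console.log('tampered passes:', matchesIntegrity(TAMPERED, PINNED));
console.log('missing SRI:', scriptsMissingSri(PAGE));
```

A pinned hash has to be regenerated whenever the vendor ships a legitimate update, so the check works best against a versioned script URL.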
“Websites were infected with malware used by criminals”, he said.
Texthelp, the company that sells Browsealoud, has now taken down the service until midday Tuesday 13 February.
The United Kingdom’s Information Commissioner’s Office (ICO), a crown-appointed commission for handling data privacy, and the Student Loans Company were the main victims of the attack in Europe.
The hacked plugin, Texthelp’s Browsealoud, reads websites aloud for users with partial or total blindness. Coinhive was conceived as a way to help users gain a little extra income: “mining” uses computer power to validate cryptocurrency transactions, for which the miner is given a small amount of the currency.
As far as the plugin maker is concerned, Texthelp (the company behind Browsealoud) wrote that it does have automated security tests in place, which “detected the modified file and as a result the product was taken offline”. He said it’s a very lucrative proposal because hackers infect only one website and it infects around 5,000. An analysis suggested that the software was online for about four hours before Texthelp acted. The Coinhive mining script was added to the plugin’s code some time between 0300 and 1145 UTC. It can use computer power to mine Monero whenever the browser window is loaded. As with most of these injections, your system wasn’t facing a security risk; you would just have noticed your system bogging down while searching for government info. “This was a criminal act and a thorough investigation is now underway”, he said.
On Sunday, the U.K.’s National Cyber Security Centre issued a statement that it was “examining data involving incidents of malware being used to illegally mine cryptocurrency”.