Cryptomining malware found in US, UK, and Australian government websites

By midian182
Feb 12, 2018
Post New Reply
  1. There were a number of reports late last year concerning websites featuring drive-by cryptomining—a practice that uses the CPUs of visitors to surreptitiously mine crytpocurrencies. Now, it’s been discovered that thousands of sites, including many from the US, UK, and the Australian governments, were infected with the same Monero miner from Coinhive.

    UK-based security consultant Scott Helme first discovered the malicious code, which was confirmed by The Register. The affected websites all ran Browsealoud—a plugin from British tech firm Texthelp that reads out websites for those with visual impairments or conditions that affect eyesight.

    Browsealoud’s code had been compromised, allowing the sites to run the Javascript-powered miner. Coinhive has long said its product is a legitimate way for websites to make money and doesn’t endorse anyone using its code without first informing visitors.

    “The injected mining code was obfuscated, but when converted from hexadecimal back to ASCII it spelled out the necessary magic to summon Coinhive’s stealthy JavaScript miner to the page,” writes the Register.

    We still don’t know who was behind the attacks. Some of the 4200 affected sites included The City University of New York (cuny.edu), the court information portal (uscourts.gov), Lund University (lu.se), the UK’s Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner’s Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), along with several Australian government sites, including both the Queensland and Victoria parliaments.

    As with most (though not all) cryptpominers, the mining process ended when users left the pages or closed their browser tab. Thankfully, the code was only active for several hours on February 11 before Texthelp disabled the plugin.

    “In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year and our data security action plan was actioned straight away,” said Texthelp's chief technology officer Martin McKay in a statement.

    “Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline.”

    The company added that no customer data has been accessed or lost. Further updates will be provided when the investigation has been completed.

    Permalink to story.

     
  2. Cycloid Torus

    Cycloid Torus Stone age computing. Posts: 3,487   +912

    What happens to a crypto-currency when malware miner software is suddenly crushed?
     
  3. Uncle Al

    Uncle Al TS Evangelist Posts: 4,092   +2,584

    As said on many occasions, the only way to effectively slow this kind of theft is through capital punishment. While it may sound harsh, looking at the tens of thousands of lives that are impacted by loss of retirements, pensions, etc. as well as how often this can shorten the lives as well as diminished quality of life, putting and enforcement of such penalties will at the least eliminate the thieves. Financial punishments against the countries from which they emanate will put pressure on those governments to emulate the same. White collar crime has been tolerated far too long in this country as well as around the world.
     
  4. davislane1

    davislane1 TS Grand Inquisitor Posts: 5,149   +4,223

    The growth speed of mining difficulty slows. That's about it.
     

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...