Crypto-Miners Attack Thousands of Government Websites
More than 4000 government websites across the world has been attacked yet again, and this time again it’s the new player Cryptocurrency. The strain of malicious malware has made its way, as reported. The attack seems to have started on February 11th and went on until 12th of February morning. All that the hackers wanted was to harness the power the thousands of computers that visit the government websites and put them in mining work for the cryptocurrency, without the host knowing it.
According to Tip Ranks Crypto Center, “Like several of attacks taking place over the past few months, the cryptocurrency in question is Monero (XMR). It’s similar to Bitcoin (BTC) and Ethereum (ETH) in that it’s blockchain based, but unlike that pair, Monero places a premium on transaction privacy. Monero is the eleventh most popular cryptocurrency when measured by Market Cap, according to the Tip Ranks Crypto Center.”
Scott Helme, a UK security researcher discovered the malicious software on Sunday. He noted how the cybercriminals got access to the backdoor in a plug-in called Browsealoud, which helps people with low vision, dyslexia and low literacy access the internet. Helme wasted no time to declare that the perpetrators were “mining”.
Helme describes the hacker’s strategy this way “If you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the 1 website that they all load content from.”
The secret to crypto jacker lies in the secret of their finding websites which is trusted by the users. It’s obvious that such trusted websites add the element of trust and confidence to their visitors. So the trust plays an important part and banking on that reliability, users click on the ad displayed there, or even play the video. So taking advantage of this trust factor the jackers employ Browsealoud. This may look harmless unless the hackers turn them into a mechanism for mining malware.
The difference here is that Browsealoud is hacked at the source itself and a tiny crypto-mining JavaScrip is hidden in the code. Browseloud is just a means to inject the Trojan Horse. The government websites allow the Browsealoud add-on for its credibility, exposing thousands of visitors hidden crypto jackers.
Browsealoud is a software-based learning solution that was developed by a company called Texthelp. The company’s CTO Martin McKay said that “Texthelp has in place continuously automated security tests for Browsealoud, and these detected the modified file and as a result, the product was taken offline.”
While Texthelp is guilty of all the happenings, Helme largely blames the government bodies who operate the affected websites. “There are technical measures that exist to protect against exactly this kind of thing. This is not a new problem.”
It was hardly few days ago when billion people have been targeted globally in a similar attack. This time the target is government websites in the UK, US, and Australia. If our readers can remember, a similar warning and attack were reported in The Guardian, which reads how the visitors to the websites Open load, Streamango, Rapidvideo, and OnlineVideoConverter were also being crypto-jacked. The victims numbered in the hundreds of millions. In January there was a widely reported attack on Alphabet Inc’s (GOOGL) YouTube; a giant, juicy target with 1.5 billion users watching an average of 60 minutes of videos a day.
The recent rise in attacks related to crypto-jackers is mainly for their urge to get CPU horsepower to accomplish cryptocurrencies. Crypto-mining is about solving cryptography puzzles, which requires high-energy computer processing power, and besides, it is also costly. CoinHive gives them the benefit which in its tiny form makes them achieve the objective. The crypto-jackers only job is to infect as much computer he can without being traced. So they create an army of zombies intended to target innocent internet users.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.