Government websites hit in cryptojacking attack

Anthony Caruana 12 February 2018 NEWS

CryptoTake_Shutterstock738

More than 4,200 sites have been infected with malware designed to help in mining cryptocurrencies.

Over 4,200 websites around the world including some from Australian, US and UK government sites have been infecting with cryptojacking malware.

Scott Helme, a security researcher, says 4,275 sites have been affected by malicious JavaScript software that is developed by a third-party but used by many other sites, including government sites around the world. He says the attacks could have been "completely mitigated" had the state developers/owners taken some basic security precautions.

With the cost of crypto-mining rising and the risk/return equation becoming increasingly volatile, criminals see cryptocurrency mining as an easy way to generate revenue with a relatively low risk of being apprehended. So, rather than jack up their own power bills, they are using malicious software to siphon processor power from unsuspecting victims.

In effect, the crime is the theft of computing power to then engage in cryptocurrency mining.

The cryptojacking malware was injected into a browser plugin called Browsealoud that is developed by Texthelp. The plug-in reads out webpages for visually impaired people. Either internal or external hackers added their own code into Browsealoud which used Coinhive's Monero miner to silently steal CPU cycles to generate the cryptocurrency.

The software was altered on Sunday 11 February 2018 between 02:58:04 and 13:21:56 GMT according to Helme.

Site owners could have used SRI (Sub Resource Integrity) to detect the computer code that was altered. SRI uses a "digital fingerprint" to identify software that has been verified to be safe and stops the execution of software where that unique fingerprint has been altered. In addition, the Coinhive malware is not new, with security companies making detection tools available through off-the-shelf security software.

The impact on the affected companies goes beyond the loss of a few processor cycles and some energy. With government sites affected, there will be further inquiries to ensure other malicious software has not slipped through security nets and that appropriate protocols are in place to ensure other commonly used third-party scripts and software modules are not being similarly exploited.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Privacy & Cookies Policy and Terms of Use, Disclaimer & Privacy Policy.
Ask a question
Go to site