Reports of mining malware infestations are an almost weekly occurrence now. With cryptocurrency mining becoming more lucrative than ransomware, hackers are upping their game and widening the digital net. Those caught in it this week included a number of government websites in the UK and Australia.
In what has been newly termed ‘cryptojacking,’ the Guardian reported that thousands of websites had been infected over the weekend. Those who visited the compromised websites would have their computer hardware hijacked in order to mine Monero for the perpetrators.
According to the reports, the websites of NHS services, the Student Loans Company, and several English councils were all infected. Over the weekend, the website of the UK’s data protection watchdog, the Information Commissioner’s Office, was taken offline to deal with the infection.
The malicious software came via a plugin called BrowseAloud which helps partially-sighted people access content on the web. The plugin authors took their own website down while they tried to resolve the problem. As many as 5,000 websites have been compromised with a variant of the Coinhive mining script, which allows webmasters to leech resources from the hardware of their readers.
Monero is usually the crypto of choice as it is anonymous and encrypted and, therefore, cannot be traced back to the source wallets.
Scott Helme, an IT security consultant, raised the alarm when a friend received an alert from his anti-virus software after visiting a government website:
This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States.
Digging Down Under
It appears that mining malware has also compromised websites in Australia, including the Victoria Parliament’s site, the Queensland Civil and Administrative Tribunal, the Queensland ombudsman, the Queensland Community Legal Centre, and the Queensland legislation website, which lists all of the state’s acts and bills.
The same plugin was found to be the cause of the incursion. Helme, who documented the attack, went on to state:
There were ways the government sites could have protected themselves from this. It may have been difficult for a small website, but I would have thought on a government website we should have expected these defence mechanisms to be in place.
Texthelp, the company responsible for the compromised plugin, said:
The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency. The exploit was active for a period of four hours on Sunday. The Browsealoud service has been temporarily taken offline and the security breach has already been addressed.
Just last week Apple and Android systems were infected with similar mining malware, and the frequency of exploits such as this will only increase due to the gains to be made and lack of any prosecution.