Mining malware is spreading like wildfire; every week now we run another story on some platform or other falling victim to it. As cryptocurrencies become far more lucrative than ransomware or identity theft, incidents of exploits will only increase. Various governmental departments in Australia and the UK were found frantically calling the tech guys over the weekend as their websites were compromised.
According to the Guardian, as many as 5,000 websites were infected with a variant of the Coinhive mining malware. In the UK they included websites of National Health Services, the Student Loans Company, and several English councils, in addition to the UK’s data protection watchdog, the Information Commissioner’s Office. They have all been taken offline to deal with the issue.
The malicious miner came from a compromised plugin called BrowseAloud, which enables blind and partially sighted people to read content on websites. The script operated the same way as has been seen many times before: hijacking the machine’s hardware to mine for Monero. XMR is now the number one cryptocurrency for criminals, since it is encrypted and anonymous, leaving no trace to the destination wallets.
The plugin’s authors, Texthelp, took their own website offline to patch the compromised software:
“The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency. The exploit was active for a period of four hours on Sunday. The Browsealoud service has been temporarily taken offline and the security breach has already been addressed,”
The security consultant who documented the attack told media:
“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States. There were ways the government sites could have protected themselves from this. It may have been difficult for a small website, but I would have thought on a government