Crypto-Mining Attacks  - Crypto Mining Attacks - Crypto-Mining Attacks – Attackers Hijacked 4275 Websites for Mining

Attackers hijacked 427 websites to inject Coinhive Monero miner including the websites of government authorities(ico.org.uk), NHS Foundation (nhs.uk), and uscourts.gov. Crypto- Attacks are one of the emerging threats for enterprises. And the recent trend is more mainstream and is done directly via web pages.

One thing in common for all the infected websites is Browsealoud plugin provided by texthelp that adds speech, reading, and translation to the website has been and it’s host scripts was modified.

The mining script was first noticed by Information Security Consultant Scott HelmeIf you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the 1 website that they all load content from“Helme said.

Crypto-Mining Attacks  - Crypto Mining Attacks 1 - Crypto-Mining Attacks – Attackers Hijacked 4275 Websites for Mining

Attackers altered the ba.js and include document.write call that adds Coinhive crypto miner to any number of the page that loaded in to.

What’s Coinhive?

Coinhive offers a JavaScript miner for the Monero Blockchain that can be embedded into other Web sites. The users run the miner directly in their Browser and mine XMR for the site owner in turn for an ad- experience, in-game currency or whatever incentives they are availing to their users/visitors.

With further investigation, Helme identified a number of sites have been injected including the government websites of numerous countries.Here is the affected websites list.

Texthelp the plugin provider confirmed it was hacked on 11.14am on Sunday and the hack lasts for four hours. Now the plugin was temporarily taken down by Texthelp.

Texthelp security officer Mr. McKay said: “Texthelp has in place continuously automated security tests for Browsealoud, and these detected the modified file and as a result, the product was taken offline”.

At GBHackers last November we identified a very popular torrent sharing site www.137x.io added coinhive mining script.

Preventive Measures – Crypto-Mining Attacks

Helme suggested adding SRI Integrity attribute to the website which forces the browser to check the integrity, which allows it to reject the file. He has written an article explaining how to add SRI Integrity Attribute.

If you are a normal user, install AdGuard’s extension on your browser and you will be good to go.

If you are a geek, you would already probably know the trick. Hint: Use script blockers like uBlock Origin.

we suggest our users to be extra cautious while visiting sites on the internet from now on. And if you like some website or a blog and want to support them, you may allow them to mine crypto-currency using your computer’s energy.





Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here