Cryptocurrency Miner Invades 4,000 Sites Via Third Party Tool

Over 4,000 websites ended up leaching away visitors' computing power on Sunday. The reason? A hacker had infected the sites with a cryptocurrency miner.

USCourts.gov and dozens of UK government-related sites, including data privacy advocate the Information Commissioner's Office, were unknowingly pulled into the hacking scheme.

All of the websites were found carrying a web script that secretly mined a digital currency called Monero over the browser, according to a UK-based security researcher named Scott Helme, who noticed the problem on Sunday. (A list of the affected websites can be found here.)

However, none of the destinations were hosting the code individually. The hacker behind the scheme embedded the cryptocurrency miner into a third-party tool called Browsealoud, which ran across the sites. On Sunday, the company behind the tool, Texthelp, confirmed the incident, which lasted for four hours. "This was a criminal act," the company added.


The third-party tool is designed to translate and read text aloud across a webpage. Although it isn't clear how the product was infiltrated, Texthelp pulled the plug on the mining by taking Browsealoud offline until Tuesday.

The good news is that the hacking only focused on mining Monero, a process that can drag down your computer's performance, but doesn't involve lifting passwords or credit card information. "No customer data has been accessed or lost," Texthelp said.

However, the incident is the latest in a long line of cryptocurrency mining attacks, which security experts say have exploded in recent months. In January, for instance, YouTube was pulled into a similar scheme that involved seeding the video platform's ads with mining software to generate virtual currency.

One factor driving all the attacks has been the rising value of Monero, which has reached $240 a coin, up from a mere $12 a year ago. Another reason is a service called Coinhive, which offers a Javascript Monero miner that anyone can register to use—including hackers.

As a result, cybercriminals have been tampering with numerous websites and slipping in Coinhive's mining script. Sunday's incident used the same playbook; Browsealoud code was changed to also host Coinhive's miner, Helme found.

It's also on @uscourts! pic.twitter.com/UyPjzbEsPw

— Scott Helme (@Scott_Helme) February 11, 2018

It isn't known who runs Coinhive. But on Monday, the operators confirmed that their miner had been used in Sunday's hijacking scheme. "This indeed used our service and mined about 0.1 XMR [0.1 Monero or $24] over the past weekend. It's a sharp but very short spike in hash rate. We have terminated the account in question," Coinhive said in an email.

The operators of Coinhive initially denied that their service had been involved; they first claimed that the attackers used their own servers to host a miner copied from Coinhive.


However, both Helme and another security researcher named Troy Mursch told PCMag that the evidence still pointed to the hackers using a miner directly hosted by Coinhive. (Helme also uploaded the snippet of Browsealoud code that contained the Coinhive domain.) The operators behind Coinhive later sent another email, correcting their statement.

On the same day, the UK's National Cyber Security Centre issued an advisory about the incident, calling the malicious cryptocurrency mining "illegal."

Fortunately, it isn't hard to stop in-browser mining. Usually all it takes is closing the window of the website hosting the miner. Antivirus products and browser extensions can also automatically flag and block the miners.
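As an illustration of how a blocker, or a site owner monitoring a third-party script, can flag a miner reference like the Coinhive domain found in the Browsealoud code, here is an added example that is not from the article or from any tool it mentions. The blocklist, function names and sample scripts are constructed for illustration, and the check also decodes common string escapes, which goes beyond what the article describes.

```javascript
// Added example: flag miner hostnames in a third-party script, even when escaped.
// MINER_HOSTS is an illustrative one-entry blocklist (assumption); real blockers
// ship maintained lists.
const MINER_HOSTS = ["coinhive.com"];

// Undo the escapes commonly used to hide strings in JavaScript source:
// \xNN, \uNNNN and %NN.
function decodeEscapes(src) {
  const toChar = (_, hex) => String.fromCharCode(parseInt(hex, 16));
  return src
    .replace(/\\x([0-9a-fA-F]{2})/g, toChar)
    .replace(/\\u([0-9a-fA-F]{4})/g, toChar)
    .replace(/%([0-9a-fA-F]{2})/g, toChar);
}

// Collect every hostname that appears in an absolute or protocol-relative URL
// (http, https, ws, wss) after decoding.
function extractHosts(src) {
  const hosts = new Set();
  const re = /(?:https?:|wss?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;
  for (const m of decodeEscapes(src).matchAll(re)) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

// A host is flagged if it equals a listed domain or is a subdomain of one.
// Lookalikes such as "notcoinhive.com" are not flagged.
function findMinerHosts(src, blocklist = MINER_HOSTS) {
  return extractHosts(src).filter((h) =>
    blocklist.some((d) => h === d || h.endsWith("." + d)));
}

// Constructed samples (not the real Browsealoud code). String.raw keeps the
// backslash escapes literal, as they would appear in a fetched script file.
const cleanScript = String.raw`var cdn = "https://cdn.example.org/reader.js"; load(cdn);`;
const tamperedScript = String.raw`var cdn = "https://cdn.example.org/reader.js"; load(cdn);
var extra = "https://\x63\x6f\x69\x6e\x68\x69\x76\x65.com/lib/miner.js"; load(extra);`;

console.log("clean:", findMinerHosts(cleanScript));
console.log("tampered:", findMinerHosts(tamperedScript));
```

Run against a periodically fetched copy of each third-party script, a check like this gives a site owner an alert when a file that was clean yesterday starts referencing a listed host.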

Source : https://www.pcmag.com/news/359180/cryptocurrency-miner-invades-4-000-sites-via-third-party-too
