Crypto-Jackers Hack Over 4200 Websites Thanks to a Faulty Plugin

Crypto-jackers are getting more and more confident, attacking computers and websites on various levels. This time around, even websites run by the US and UK governments fell prey to the problem.

In total, thousands of websites were hijacked to secretly use browsers to mine cryptocurrency.

Crypto currency vulnerability

The vulnerability was reported by The Register yesterday, with a compromised plugin, Texthelp’s “Browsealoud”, being the main culprit. The plugin helps people with visual impairments, such as full or partial blindness, or with conditions like dyslexia.

The Register has estimated the affected websites to be more than 4,200 in number:

A list of 4,200-plus affected websites can be found here: they include The City University of New York (cuny.edu), Uncle Sam’s court information portal (uscourts.gov), Lund University (lu.se), the UK’s Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner’s Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe.

Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, the list goes on.

What is Crypto-Jacking?


To define it in the easiest way possible, it is the process of using someone’s PC, server, website, etc. to mine cryptocurrency without their consent. Mining code or scripts are injected into other people’s websites, which lets the attackers easily access the resources of a great number of PCs from all around the world.




You may recall Comsats University’s website doing something similar. This was also due to crypto-jacking, with a malicious hacker injecting mining scripts on the website, and using any PC that accesses it for mining cryptocurrency.

The Real Culprit

The real cause behind this recent fuss was an infamous JavaScript-powered Monero miner from Coinhive. According to Coinhive’s policy, a 30 percent cut is reserved for it if miners do their job using unmodified versions of its plugin.

However, the company considers it highly unprofessional for miners to secretly embed the miner in websites without informing users that their PC’s processing power is being borrowed.

According to The Register:

The injected mining code was obfuscated, but when converted from hexadecimal back to ASCII it spelled out the necessary magic to summon Coinhive’s stealthy JavaScript miner to the page.

Texthelp is fully aware of the issue and has filed a case for its investigation. Martin McKay, the company’s CTO, spoke about the measures taken regarding the issue:

Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline. This was a criminal act and a thorough investigation is currently underway by an independent security company.
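
A defender's check for the obfuscation The Register describes above, as an added example that is not code from this article, The Register or Texthelp: it decodes hex escapes inside a script's string literals and reports any decoded text that names a watched miner host, or any literal that is almost entirely escapes. The `\xNN` escape form, the watchlist, the 0.8 threshold and the sample script are assumptions constructed for illustration.

```javascript
// Added example. Assumptions: obfuscation uses \xNN escapes inside string
// literals; WATCHLIST, the 0.8 threshold and SAMPLE are constructed here.
const WATCHLIST = ['coinhive'];
const HEX_ESCAPE = /\\x([0-9a-fA-F]{2})/g;

// Turn every \xNN escape in `text` into the character it stands for.
function decodeHexEscapes(text) {
  return text.replace(HEX_ESCAPE, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Share of the decoded literal's characters that were written as escapes.
function escapeRatio(raw) {
  const escapes = (raw.match(HEX_ESCAPE) || []).length;
  const decodedLength = raw.length - escapes * 3; // "\xNN" is 4 chars -> 1
  return decodedLength === 0 ? 0 : escapes / decodedLength;
}

// One finding per string literal that hides a watched keyword or is mostly
// hex escapes (deliberate obfuscation that deserves a manual look).
function scanScript(source) {
  const findings = [];
  const literal = /(["'])((?:\\.|(?!\1)[^\\\n])*)\1/g;
  for (const match of source.matchAll(literal)) {
    const raw = match[2];
    const ratio = escapeRatio(raw);
    if (ratio === 0) continue; // no hex escapes in this literal
    const decoded = decodeHexEscapes(raw);
    const keywords = WATCHLIST.filter((w) => decoded.toLowerCase().includes(w));
    if (keywords.length > 0 || ratio > 0.8) {
      findings.push({ offset: match.index, decoded, keywords, ratio });
    }
  }
  return findings;
}

// Constructed sample: a plain literal, a fully hex-escaped host name on the
// reserved .example TLD, and a benign literal with a single escape (an
// accented character) that must not be reported.
const SAMPLE = String.raw`var label = "Read aloud";
var host = "\x63\x6f\x69\x6e\x68\x69\x76\x65\x2e\x65\x78\x61\x6d\x70\x6c\x65";
var note = "caf\xe9 menu";`;

console.log(scanScript(SAMPLE));
```

Run against each third-party script a site loads, a check like this surfaces a modified file by what it decodes to rather than by how it looks in source.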

Via Gizmodo

