Irish websites affected by cryptocurrency mining hack
12 February 2018
A number of Irish websites, including some from government and the public sector, were among some 4,000 infected with malware that co-opted users’ browsers into mining cryptocurrencies.
The hack was first discovered by security professional Scott Helme, and was verified and reported by The Register. However, the hack is non-persistent and disappears when the browser tab or window is closed.
The list of affected sites totals more than 4,000, with several Irish sites among them, such as Oireachtas.ie, agriculture.gov.ie, corkcoco.ie, fingalcoco.ie and chg.gov.ie.
Sophos’ Naked Security blog reports that the malware is cleverly designed and even “includes code that tries to limit the amount of processing power that the cryptomining will steal, presumably in the hope of staying unnoticed for longer”.
Despite the extent of infections, the Sophos team believe that the hack is of limited effect. The Naked Security blog says that they have “formed the opinion that the rogue script in this case: didn’t try to launch any other attacks, didn’t make itself persistent (in other words, won’t survive after you exit your browser), didn’t steal any data, and didn’t try to change any browser settings.”
The Sophos team offers information and advice for web site owners on what to do if their sites are affected.
Some security professionals have said that the limited payload and its non-persistent nature suggest this may well have been a proof-of-concept type attack to determine if widespread, surreptitious cryptocurrency mining is viable. This might therefore be a precursor to a more sophisticated, and perhaps harder-to-detect, attack.
As was predicted by F-Secure’s Mikko Hyppönen speaking to TechPro, hackers are looking for ways to build distributed networks to mine cryptocurrency, with this as the latest manifestation of their attempts.