Irish websites affected by cryptocurrency mining hack

(Image: Monero)

Government sites on list of malware-infected

Print

PrintPrint
Pro

Read More:

12 February 2018 | 0

A number of Irish websites, including some from government and the public sector, were among some 4,000 infected with malware that co-opted users’ browsers into mining cryptocurrencies.

A plug-in that reads web site text for the disabled called Browsealoud, was compromised in such a way that it allowed the injection of a JavaScript into the open tab of a browser that directed the user’s computer to mine the cryptocurrency Monero.

The hack was first discovered by security professional Scott Helme, and was verified and reported by The Register.  However, the hack is non-persistent and disappears when the browser tab or window is closed.

A list of sites totals more than 4,000, with several Irish sites among them, such as Oireachtas.ie, agriculture.gov.ie, corkcoco.ie, fingalcoco.ie and chg.gov.ie.

Sophos’ Naked Security blog reports that the malware is cleverly designed and even “includes code that tries to limit the amount of processing power that the cryptomining will steal, presumably in the hope of staying unnoticed for longer”.

Despite the extent of infections, the Sophos team believe that the hack is of limited effect. The Naked Security blog says that they have “formed the opinion that the rogue script in this case: didn’t try to launch any other attacks, didn’t make itself persistent (in other words, won’t survive after you exit your browser), didn’t steal any data, and didn’t try to change any browser settings.”

The Sophos team offers information and advice for web site owners on what to do if their sites are affected.

Some security professionals have said that the limited nature of the payload and its non-persistent nature may well have been a proof-of-concept type attack to determine if widespread, surreptitious cryptocurrency mining is viable. Therefore this might be a precursor to a more sophisticated, and perhaps harder to detect attack.

As was predicted by F-Secure’s Mikko Hyppönen speaking to TechPro, hackers are looking for ways to build distributed networks to mine cryptocurrency, with this as the latest manifestation of their attempts.

TechCentral Reporters

Read More:



Comments are closed.

Back to Top ↑