Thousands of Government Websites Attacked by Cryptocurrency Hackers
By Jeremy Ladner
‘Sneaky malware takes over your computer and turns it into a zombie crypto-miner.’
Cryptocurrency hackers strike again, this time infecting more than 4,000 government websites across the globe with their strain of malicious mining malware. The attack began late February 11 and lasted into the early morning hours of February 12. The hackers' goal was to harness the horsepower of the hundreds of thousands of computers that visit the government websites and to secretly put them to work mining for cryptocurrency.
Like several of the attacks that have taken place over the past few months, the cryptocurrency in question is Monero (XMR). It’s similar to Bitcoin (BTC) and Ethereum (ETH) in that it’s blockchain-based, but unlike that pair, Monero places a premium on transaction privacy. Monero is the eleventh most popular cryptocurrency when measured by market cap, according to Tip Ranks Crypto Center.
The bandits broke in through the backdoor in a plug-in called Browsealoud, which helps people with low vision, dyslexia and low literacy access the internet. Scott Helme, a UK security researcher, discovered the malicious software on Sunday. Helme left no room for speculation about the purpose of the perpetrators, saying it was "definitely mining".
Helme describes the hackers’ strategy this way:
"If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from."
The secret to success for crypto-jackers is finding a website people already trust. Those trusted websites unwittingly add the element of confidence to the con. Once you as a user trust the site you’re visiting, you’re more likely to click on an ad, press play to watch a video or employ an add-on like Browsealoud. All of which are usually harmless, unless of course hackers have turned those tools into a Trojan Horse delivery mechanism for their mining malware.
Browsealoud is made by Texthelp, a privately held company that offers a range of software-based assistive learning solutions. Martin McKay, the company’s chief technology officer, said that "Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result, the product was taken offline."
While Texthelp certainly bears some responsibility, Helme believes the bulk of the burden falls on the shoulders of the government bodies who operate the affected websites. "There are technical measures that exist to protect against exactly this kind of thing. This is not a new problem."
In fact, in just the past few months more than a billion people globally have been the targets of this type of attack. This time, the targets were government websites servicing the UK, US and Australia. In December, The Guardian reported that visitors to the video sites Openload, Streamango, Rapidvideo, and OnlineVideoConverter were also being crypto-jacked. The victims there numbered in the hundreds of millions. In January there was a widely reported attack on Alphabet Inc.’s (GOOGL) YouTube, a giant, juicy target with 1.5 billion users watching an average of 60 minutes of videos a day.
The recent surge in attacks is driven by hackers’ hunger for the CPU horsepower needed to compete for cryptocurrency. Crypto-mining involves solving complex cryptography puzzles. That requires an enormous amount of costly and energy-intensive computer processing power. Malware like CoinHive gives them a tiny untraceable tool to get the job done. In a scene reminiscent of Game of Thrones, the crypto-jackers’ goal is to infect millions of computers, raising a massive army of zombie crypto-miners from the hordes of hapless internet surfers.
The zombie apocalypse may not be upon us yet, but it’s certainly a good time to be in the undead anti-virus business.