Hack left government sites mining the cryptocurrency Monero

Feb 15, 2018, 01:18
Hack left government sites mining the cryptocurrency Monero

Over the past few months, websites and servers have been repeated targets of malware that forces web browsers to secretly mine cryptocurrencies while using sites.

"We don't know how Texthelp were compromised yet, so it is hard to say whether they were really unlucky or there was some kind of inherent problem with what they were doing".

More than 4,000 websites are said to have been hacked, including the IN state government's website, the United States Courts' website and many UK government, ones such as the ICO, but the affected code had now been disabled, the BBC reports.

Over 4,000 sites from across the world - including those owned by the UK's Information Commissioner's Office (ICO) and the NHS - were taken down yesterday after security researcher Scott Helme raised the alarm.

More news: Canada wins Olympic figure skating gold, USA grabs bronze

The hijacking script uses Coinhive, a popular mining script itself is not meant to be malicious-at least according to its creators-but has gained a reputation for being used in these types of attacks, often referred to as cryptojacking. The affected websites all ran Browsealoud-a plugin from British tech firm Texthelp that reads out websites for those with visual impairments or conditions that affect eyesight.

It is a cryptocurrency created to make transactions untraceable, making it a better option than Bitcoin for those wanting to hide from the law.

TextHelp withdrew the plugin as a security measure, and a number of the affected websites were also taken offline. It inserts the code for Coinhive's Monero miner into it, meaning sites using the plugin were serving up the mining code without realizing it.

"If you want to load a crypto miner on a thousand websites you don't attack them all, you attack the one website they all load content from".

More news: Led coalition kills dozens of Russians in Syria?

Hackers often seek to infect others' computers with cryptominers because the mining process requires vast amounts of computational power, which often dramatically slows the device.

According to the report, the maker of the plug-in, Texthelp, confirmed that its product was breached for four hours by the mining malware.

A spokesperson for the National Cyber Security Centre said: "NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency".

They addend: "At this stage there is nothing to suggest that members of the public are at risk".

More news: N Korea stages a military parade on eve of Olympics

In a statement, Martin McKay, Texthelp's Chief Technology Officer (CTO), in a statement said the compromise was a criminal act and an investigation is underway. The company who makes the plug-in, Texthelp, thereafter confirmed the plug-in was hit for four hours by code created to generate cryptocurrency.

YOU MIGHT ALSO LIKE
  • Indian-American Raj Shah makes White House press briefing debut

    All of the officials interviewed for this article requested anonymity to discuss a personnel and national security matter. The episode is a staffing embarrassment for Trump and could threaten Kelly's standing in the White House, some say.
    Todd Frazier signs with the Mets for 2 years, $17 million

    Todd Frazier signs with the Mets for 2 years, $17 million

    Frazier hit 27 home runs previous year , while driving in 76 RBI between the White Sox and Yankees with an OBP of.344. His thumbs-down celebration-adapted from the reaction of a New York Mets fan-became a staple for Yankees players.
    Amtrak, CSX Train Crash In South Carolina

    Amtrak, CSX Train Crash In South Carolina

    Her injuries were minor, but waiting for help in the dark was terrifying, she told Neblett. The train, traveling from NY to Miami, was carrying 139 passengers and eight crew members.
  • White House takes dig at Omarosa after she makes negative Trump comments

    White House takes dig at Omarosa after she makes negative Trump comments

    She went on to break her silence about what she went through as Trump's Director of Communications. "She has no contact now". TV personality Omarosa Manigault shared some of her experience in the Trump White House while on " Celebrity Big Brother ".
    Latest iOS beta shows how battery health settings will work

    Latest iOS beta shows how battery health settings will work

    In January, Apple it would allow users to use a new UI tool to turn off the power management feature that slows down old iPhones . According to the Wall Street Journal , Apple is in talks with Goldman Sachs to offer easy loans to people buying Apple products.
    Gen Bajwa attends funeral prayers of martyred army personnel in Peshawar

    Gen Bajwa attends funeral prayers of martyred army personnel in Peshawar

    Prime Minister Abbasi said the war against terrorism will continue till the elimination of the last terrorist from Pakistan. Parts of the vallery had become strongholds of the Pakistani Taliban between 2007 and 2009.
  • Apple confirms iOS source code got leaked on GitHub

    Apple confirms iOS source code got leaked on GitHub

    In any case, Apple will have enough time to secure things up and might issue a patch to cover any risks posed by the leak. There are no details on how ZioShiba got the iBoot source code, but after seeing it, we're certain it's the real deal .
    DNA sought from immigrant in National Football League  player's death

    DNA sought from immigrant in National Football League player's death

    He questioned whether his client could get a fair trial given the local publicity about the case and his immigration issues. He also faces federal changes of illegal re-entry of a previously deported alien, federal court records show.
    Cornell Frat's 'Pig Roast' Gave Points For Sex With Heaviest Woman

    Cornell Frat's 'Pig Roast' Gave Points For Sex With Heaviest Woman

    We, too, are in disbelief and even more so that these alleged actions may have been taken by those whom we called brothers . Zeta Beta Tau have also said it is planning to host educational programs on healthy relationships.
  • 'Freezing rain will likely persist for several hours': Environment Canada

    'Freezing rain will likely persist for several hours': Environment Canada

    Freezing rain warnings are issued when rain failing in sub-zero temperature creates ice buildup and icy surfaces. Roads, highways, sidewalks and parking lots will be slippery with ice build-up expected in many areas.
    UFC 221 Results: Yoel Romero Sleeps Luke Rockhold In Third Round

    UFC 221 Results: Yoel Romero Sleeps Luke Rockhold In Third Round

    This streak is highlighted by wins over Brad Tavares, Uriah Hall, Rafael Natal, Derek Brunson, "Jacare", and of course, Romero. The fight kicked off at a glacial pace, with Rockhold establishing the distance and picking at Romero with leg kicks.
    Trump's Nuclear Doctrine More Aggressive Toward Russia than Obama's

    Trump's Nuclear Doctrine More Aggressive Toward Russia than Obama's

    The U.S. says it has been in compliance with the limits since August and it expects the Russians to comply by Monday's deadline. The Pentagon will also bring back sea-based nuclear cruise missiles, which will take up to a decade to develop, officials said.
popular