Lately, almost every week brings news of viruses that infect computers or websites and then use their computing power to mine cryptocurrency.
This time the victims were a number of government sites in the UK and Australia.
According to the Guardian, thousands of websites were infected by one of these viruses this weekend. The phenomenon even has its own term: cryptojacking.
The largest scale attack
According to reports, online services, the NHS, the Student Loans Company and several other government websites were the initial victims. Over the weekend, the website of the Information Commissioner's Office, a government organization whose purpose is data protection, was forced to stop operating in order to deal with the virus.
The malware spread via a plugin called BrowseAloud, which allows people with vision impairments to access content on the Internet. The creators of the plugin also had to disable their own site to resolve the problem. In all, approximately 5,000 sites were infected with a variant of the Coinhive script, which lets webmasters use site visitors' resources to mine cryptocurrency.
Attackers typically mine Monero because this cryptocurrency offers a high degree of anonymity and is therefore impossible to track.
Scott Helme, an IT security consultant, raised the alarm after a friend pointed out an antivirus notification that appeared when visiting a government website:
This type of attack is not new, but this is the biggest attack I've seen. Hacking one company meant that thousands of sites in the UK, Ireland and the United States were affected.
The situation in Australia
Mining malware also affected some government websites in Australia, including the website of the Parliament of Victoria, the civil and administrative court of Queensland, the website of the Ombudsman of Queensland, the site of the legal centre and the Queensland legislation website, which contains all the laws of the state of ,
All of the affected websites became victims because of the same plugin. Helme believes that:
Actually, there are ways that government sites could have used to protect themselves. For a small site it is possibly difficult to implement, but for a number of government websites this should not present any difficulties.
Texthelp, the developer of the hacked plugin, said:
The company has carefully studied the modified file and we can confirm that it did not transfer any data, but simply used the resources of site visitors for the mining of cryptocurrencies. The exploit was active for four hours on Sunday. The Browsealoud service has been temporarily disabled, and the vulnerability has already been eliminated.
Just last week we reported on new malware that hit Android devices, including set-top boxes, and mined Monero.