Cryptocurrency Mining Malware Affects 5,000 Websites, including UK Govt Sites!

Feb 13 2018

Over the past few months, there has been a marked increase in the number of cryptocurrency-related crimes. One of the most common is cryptojacking - malware that finds its way into websites and mines for cryptocurrencies using the processing power of the visitors’ CPUs. One such cryptocurrency mining malware has now affected over 5000 websites, including some high-profile names such as the UK Govt.

This malicious cryptocurrency mining script made its way into these websites via a plugin, ‘BrowseAloud’, a tool used by many websites to help visually impaired visitors browse the site. The affected websites include major names such as the NHS Services and Student Loan websites, as well as a number of English Council websites.

These 5000 websites were all running the Coinhive script, which has been used on multiple occasions in the past to mine for cryptocurrencies. The Coinhive script runs in the background, mining the Monero (XMR) cryptocurrency using the processing power of a website visitor’s CPU. While the official Coinhive documentation states that website owners need to declare the fact that the script is running in the background, pretty much no one does that.

The National Cyber Security Center (NCSC) of the UK knows about this attack and is currently investigating it. “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency,” a statement read. “The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”

Cryptojacking attacks have been on the rise of late. Recently, thousands of Android applications were found to be affected by similar malware, which was mining for Monero using the processing power of the smartphones. In addition, the Indian newspapers the Deccan Chronicle and the Asian Age were found running this script. ThePirateBay has also been using this technique as a source of revenue.

Perhaps the most high-profile victim of these malware attacks so far has been YouTube. A script in YouTube ads was causing PCs to mine for cryptocurrencies. However, Google immediately responded and stopped these malicious ads. There is no way to know if you are being cryptojacked other than checking the source of the website and looking for the Coinhive script - which may be a tedious task for those who aren’t tech-savvy. Other signs include a spike in CPU usage, as well as the browser slowing down and hanging.
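The source check described above can be automated. The following is an added example, not code from the article or from any affected site: it parses page source and reports `<script>` tags that reference Coinhive. The indicator strings and the sample page are assumptions constructed for illustration, and only literal references are matched, so an obfuscated loader would not be caught.

```python
import re
from html.parser import HTMLParser

# Assumed indicator list (not from the article): Coinhive's hosting domain,
# its library file name, and its JavaScript API constructors.
INDICATORS = re.compile(
    r"coinhive\.com|coinhive(\.min)?\.js|CoinHive\.(Anonymous|User|Token)", re.I
)


class MinerScriptFinder(HTMLParser):
    """Collects <script> tags whose src or inline body matches INDICATORS."""

    def __init__(self):
        super().__init__()
        self.findings = []       # list of (kind, matched_text)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        if INDICATORS.search(src):
            self.findings.append(("external", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline script bodies arrive here while a <script> tag is open.
        match = INDICATORS.search(data) if self._in_script else None
        if match:
            self.findings.append(("inline", match.group(0)))


def find_miner_scripts(html):
    """Return (kind, text) pairs for every script that references Coinhive."""
    finder = MinerScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page source, not captured from any real website.
SAMPLE = """<html><head>
<script src="https://example.org/js/accessibility.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); m.start();</script>
</head><body>Hello</body></html>"""

if __name__ == "__main__":
    for kind, text in find_miner_scripts(SAMPLE):
        print(kind, text)
```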

However, it isn’t just cryptojacking that is on the rise. A number of other cryptocurrency-related cyber-crime activities have been increasing as well. Some of the most infamous examples include the use of ransomware, as well as other malware that changes cryptocurrency wallet addresses on a PC, etc. There has also been a marked rise in physical crime where cryptocurrency owners were roughed up, robbed or kidnapped by people to get their cryptocurrencies.
