Back to Blog

Crypto-Mining Malware Found on 4000+ Sites

February 12, 2018

By: mirabiliscorp

Capturar.JPG

by 

February 12, 2018

Over 4000 websites including several belonging to UK and US government agencies were found over the weekend to be running hidden crypto-mining malware.

Security researcher Scott Helme first investigated the website of the Information Commissioner’s Office (ICO) after a tip-off that AV filters were raising red flags.

“At first the obvious thought is that the ICO were compromised so I immediately started digging into this after firing off a few emails to contact people who may be able to help me with disclosure. I quickly realised though that this script, whilst present on the ICO website, was not being hosted by the ICO, it was included by a third-party library they loaded” he explained.

“If you want to load a crypto miner on 1,000 websites you don’t attack 1,000 websites, you attack the one website that they all load content from. In this case it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed.”

It turned out that attackers had compromised a JavaScript file which was part of the Texthelp Browsealout product, adding malicious code which effectively installed the CoinHive miner.

Some of the sites affected by CoinHive included United States Courts, the General Medical Council, the UK’s Student Loans Company, NHS Inform and many others.

Helme argued that mitigating the attack only requires a small code change to how the Browsealoud script is loaded.

MORE: https://www.infosecurity-magazine.com/news/cryptomining-malware-found-on-4000/

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.