Crypto-Mining Malware Found on 4000+ Sites

Capturar.JPG

by 

February 12, 2018

Over 4000 websites including several belonging to UK and US government agencies were found over the weekend to be running hidden crypto-mining malware.

Security researcher Scott Helme first investigated the website of the Information Commissioner’s Office (ICO) after a tip-off that AV filters were raising red flags.

“At first the obvious thought is that the ICO were compromised so I immediately started digging into this after firing off a few emails to contact people who may be able to help me with disclosure. I quickly realised though that this script, whilst present on the ICO website, was not being hosted by the ICO, it was included by a third-party library they loaded” he explained.

“If you want to load a crypto miner on 1,000 websites you don’t attack 1,000 websites, you attack the one website that they all load content from. In this case it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed.”

It turned out that attackers had compromised a JavaScript file which was part of the Texthelp Browsealout product, adding malicious code which effectively installed the CoinHive miner.

Some of the sites affected by CoinHive included United States Courts, the General Medical Council, the UK’s Student Loans Company, NHS Inform and many others.

Helme argued that mitigating the attack only requires a small code change to how the Browsealoud script is loaded.

MORE: https://www.infosecurity-magazine.com/news/cryptomining-malware-found-on-4000/

Mais do que uma solução tecnológica, somos uma decisão estratégica para as organizações.

Nossa missão é redefinir a relação das empresas com a cibersegurança e a experiência dos usuários no processo de autenticação e acesso a ativos tecnológicos.