Cryptojacking: Over 4000 websites infected with a single attack
Hidden cryptocurrency mining continues to claim victims. This time, the compromise of a single plugin allowed over 4000 sites to be compromised in one go.
Last September, the popular site The Pirate Bay started experimenting with a new way of generating revenue: a cryptocurrency mining script that exploits the computing resources of the visitor’s system. The script was made available by Coinhive, a true "as a service" monetization system aimed at those who want to try alternative sources of revenue to traditional advertising banners.
The move by The Pirate Bay set an important precedent, with more and more websites following in its footsteps, so much so that as early as October about 500 million systems were estimated to be exposed to so-called "cryptojacking". Last month, someone had the malicious idea of taking advantage of the Coinhive script by integrating it into some banners served on YouTube advertising circuits.
The latest significant episode dates back to last Sunday, when IT security consultant Scott Helme found that antivirus software was reporting a compromise on the UK Information Commissioner’s Office (ICO) site. Helme investigated and discovered that all the pages of the website hosted a Coinhive script, loaded through a third-party library and not part of the ICO’s own website code.
After further research, Helme identified that the library is provided by a company called Texthelp, which makes the Browsealoud plugin, a solution that helps visually impaired people surf the web. This means that any website using Browsealoud is, in spite of itself, compromised by the Coinhive script. Helme identified over 4 thousand websites affected by the problem, including various sites of British, Australian, Irish and US government agencies.
The Browsealoud service has been temporarily taken offline and, although Texthelp has already solved the problem, it will remain offline until 12:00 GMT on February 15th so that users of the service can be made aware of the situation and of the countermeasures undertaken by the company. Texthelp has announced that the security breach did not compromise user data, because the intent was only to use the computing resources of visitors’ systems to mine cryptocurrency, and moreover only within a window of just 4 hours last Sunday.