Hackers Hijack Over 4,000 Websites to Mine Cryptocurrency

By

Feb 20th


As the value of craptocurrency continues to plummet by the day, you might have noticed that the cryptocrazies who invested in this bubble seem a bit upset lately. After watching the main cryptocurrencies such as Bitcoin, Litecoin, Ripple and Ethereum rise to the top, unwise suckers ran to their banks to put their life savings and wellbeing into something that is totally stable. But surprise, surprise: these so-called “investors” are out of money, and out of more by the day. So everyone who holds a large amount of craptocurrency is a total moron, right?

Wrong. The exception, apparently, is people who use other people’s resources to get it for free. It seems hackers of every kind are into this coinage (but cryptocurrency isn’t for illegal shenanigans, right?). The most recent case is the hacking of government websites from the UK and US, the National Health Service and court system, respectively, to mine cryptocurrency. In total, the hackers had about 4,000 sites under their command, according to The Register.

So how did it all happen? How did these sites fall victim, and what did they all do wrong? Well, apparently they all use a service called Browsealoud, a plug-in that helps people with sight issues, blind or even just partially sighted users, by having text read aloud by the software’s text-to-speech component. Hackers have been taking advantage of an exploit in the application to gain access to these websites. These people are using flaws in helpful accessibility applications to get their free crapcoin. Cryptocurrency to save the day again! I guess?

It seems to be a recurring theme that the coin being mined by hackers is always the now well-known “hacker’s coin”, Monero. During the morning of the 11th of February 2018, malicious code found its way into Browsealoud. It then ran for multiple hours on the more than 4,000 websites affected by the change. So when innocent users visited those sites, the malicious script ran in their web browser to mine coin without the visitor’s consent, which was making these hackers some rich men. However, quite soon after, Browsealoud’s team found out about the malicious change to their program’s code and temporarily suspended the service while workers undid the hackers’ doing. The hackers have not yet been identified by the authorities, and Browsealoud has come out and made it very clear to everyone that the hackers responsible for this attack had done something very illegal.
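Every affected site ran whatever the third-party host served, which is why one change reached thousands of pages. The following is an added example, not from the original article: it audits a page for third-party scripts that lack a Subresource Integrity pin (a browser feature the article does not mention) and shows that a pinned hash rejects modified script bytes. The host names, file names and script contents are constructed.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_hash(body: bytes) -> str:
    """Value for an integrity attribute: sha384 digest, base64-encoded."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()


def verify(body: bytes, integrity: str) -> bool:
    """Mirror the browser's check for a single pin: do the bytes match?"""
    return integrity == sri_hash(body)


class ScriptAudit(HTMLParser):
    """Collect (src, integrity) for every script loaded from another host."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag != "script" or not src:
            return
        host = urlparse(src).netloc  # empty for same-site relative paths
        if host and host != self.page_host:
            self.findings.append((src, dict(attrs).get("integrity")))


def unpinned_scripts(html: str, page_host: str) -> list:
    """Third-party scripts that would run whatever the vendor's host serves."""
    audit = ScriptAudit(page_host)
    audit.feed(html)
    return [src for src, pin in audit.findings if not pin]


# Constructed sample data: hypothetical vendor host and script contents.
ORIGINAL_JS = b"function readAloud(text) { /* text-to-speech */ }\n"
TAMPERED_JS = ORIGINAL_JS + b"/* code added by someone other than the vendor */\n"
SAMPLE_PAGE = f"""<html><head>
<script src="/static/site.js"></script>
<script src="https://cdn.vendor.example/reader.js"></script>
<script src="https://cdn.vendor.example/reader-1.0.js"
        integrity="{sri_hash(ORIGINAL_JS)}" crossorigin="anonymous"></script>
</head></html>"""

if __name__ == "__main__":
    print(unpinned_scripts(SAMPLE_PAGE, "www.agency.example"))
```

A pin only helps when the vendor publishes versioned files that do not change in place; a script the vendor updates at the same URL will fail the check after every legitimate release.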

So other than the mining script, Browsealoud came out relatively unscathed from this breach. No user data had been breached and they did not infect any computers with the flawed software. All they had done, at the end of the day, was make off with a bit more cryptocurrency. In my opinion this is no surprise and should not be to anyone. Attacks like this will continue into 2018 with not a single doubt in my mind.

© 2006-2024 Security Enterprise Cloud magazine.