The analysts say bad actors put a script on the website that installed malware to download a cryptocurrency miner.
Group-IB, a Singapore-based cybersecurity provider, revealed in a recent blog post that an undisclosed educational website fell victim to a hidden cryptojacking campaign.
According to the firm’s blog post, threat actors inserted a hidden script on the website, which allowed them to remotely install malware on each visitor’s computer and to download a cryptocurrency miner from chrome-error[.]co. Although Group-IB didn’t name the website, the firm noted the educational online platform had “5 million visits per month.”
The analysts say the malware archive, which was downloaded to the victim’s Downloads folder, contained an executable file that installed the XMRig Coinminer mining software to mine Monero (XMR). XMRig is well known among cybercriminals and scammers as it allows bad actors to remain anonymous by hiding sender and recipient identities, as well as nearly all transaction details, the firm noted.
While the scale of the scheme remains unclear, Group-IB notes that, for some unknown reason, the hidden mining software from the archive was not launched on infected computers. Group-IB says it has notified its customers about the threat and shared recommendations on preventing its consequences.