Hackers built a hidden miner in thousands of state sites in the US and UK - Hitecher
Hackers built a hidden miner in thousands of state sites in the US and UK

Hackers built a hidden miner in thousands of state sites in the US and UK

news | | Crypto & Blockchain | comments265

Scott Helme, the information security specialist reported on the distribution of the script for monero mining on sites, most of which are owned by US and British government agencies. Ummm, so yeah, this is...

Scott Helme, the information security specialist reported on the distribution of the script for monero mining on sites, most of which are owned by US and British government agencies. Ummm, so yeah, this is...

Scott Helme, the information security specialist reported on the distribution of the script for monero mining on sites, most of which are owned by US and British government agencies.

First he script was discovered by Helme on the site ico.org.uk, but it turned out that the hackers had implemented a miner into the extension BrowseAloud developed by the company TextHelp.com, which allows to sound site content for users with visual impairments. And most of the sites that used the extension have mined cryptocurrency at the expense of visitors. The script used 40% of the power of user processors.

The intruders have built in Coinhive into the code of BrowseAloud. It is one of the most popular scripts for cryptocurrency mining through a browser.

The vulnerability affected 4275 sites, including university websites, various departments, many of which are located on the .gov.uk, .gov.au and .gov domains.

This example shows that third-party solutions should be used with caution. Due to problems on the side of TextHelp.com, sites that exploited the company's product were compromised.

The representatives of TextHelp.com confirmed that of of the scripts was modified. Now the company is conducting a thorough investigation of the incident. It is unclear how someone got access and was able to edit the code. These could be hackers who hacked the company's repository. The attack could be also prepared, for example, by one of the developers of the company, decided to earn extra money.

Before that i hidden miner was built into the popular sites as well as into YouTube ads.  Recently a vulnerability was discovered by Kaspersky Lab specialists in the Telegram for Windows application and it could be also used for mining.

Теги: mining

Share this with your friends!

Evan Mcbride

Evan Mcbride

Hitecher staff writer, high tech and science enthusiast. His work includes news about gadgets, articles on important fundamental discoveries, as well as breakdowns of problems faced by companies today. Evan has his own editorial column on Hitecher.

All posts by Evan Mcbride

Be the first to comment