Cryptocurrency Mining Malware Abuses 4000 Websites


February 12th, 2018

Sites include American Courts System

Goal Was to Use Idle Computing Power of Computers to Mine the Cryptocurrency Monero


WASHINGTON, February 12, 2018 – Security researcher Scott Helme first found malware that leveraged victims’ devices to generate the cryptocurrency Monero by performing complex, CPU-intensive calculations, a mathematical process known as “mining” that is used to create some cryptocurrencies.

To get the crypto-mining malware onto unsuspecting computers, the hack targeted an accessibility plugin called Browsealoud, which makes the web easier to use for people with learning disabilities such as dyslexia, or with reduced English comprehension. After compromising Browsealoud, the hackers altered the plugin’s code, injecting malicious JavaScript to secretly run the mining software known as Coinhive on unsuspecting machines.

On Sunday, the U.K.’s National Cyber Security Centre (NCSC) issued a statement that it was “examining data involving incidents of malware being used to illegally mine cryptocurrency.”

In a report last month, our partner, cybersecurity firm CrowdStrike, highlighted the rise of cryptocurrency mining, a relatively new flavor of attack.

“In recent months, CrowdStrike has noticed an uptick in cyberattacks focused on cryptocurrency-mining malware that takes advantage of available CPU cycles, without authorization, to make money,” the firm wrote, noting that it “expects to see much more” of this activity moving through 2018.

Still, as Helme points out, things could have been a lot worse: a similar vulnerability-leveraging hack could have compromised government credentials or stolen identities instead of mining Monero.

Bala Ramaiah, ISSQUARED's CEO, said, “ORSUS's Identity and Access Management (IAM) module provides a safety valve to prevent unauthorized applications (malware software) from running on corporate machines. ORSUS IAM lets Administrators define which users can execute which applications, defeating the intent of unethical hackers, on the off chance that they get past network firewalls.”
