Security Researcher, Scott Helme, first found malware that leveraged the victims’ devices to generate the
cryptocurrency Monero by performing complex, CPU-intensive calculations, a
mathematical process known as “mining” that’s used to create some cryptocurrencies.
Driver Was to Use Idle Computing Power of Computers to Mine Cryptocurrency, Monero
In order to get the crypto-mining malware onto unsuspecting computers, the hack
targeted an accessibility plugin called Browsealoud that makes the web easier to use
for people with learning disabilities such as dyslexia, or reduced English
comprehension abilities. After compromising Browsealoud, the hackers altered the
software known as Coinhive on unsuspecting machines.
On Sunday, the U.K.’s National Cyber Security Centre (NCSC) issued a statement that
it was “examining data involving incidents of malware being used to illegally mine
In a report last month, our Partner, cybersecurity firm CrowdStrike, highlighted the
rise of cryptocurrency mining, a relatively new flavor of attack.
“In recent months, CrowdStrike has noticed an uptick in cyberattacks focused on
cryptocurrency-mining malware that takes advantage of available CPU cycles, without
authorization, to make money,” the firm wrote, noting that it “expects to see much
more” of this activity moving through 2018.
Still, as Helme points out, things could have been a lot worse: a similar
vulnerability leveraging hack could have compromised government credentials or
stolen identities instead of mining Monero.
Bala Ramaiah, ISSQUARED's CEO said, “ORSUS's Identity and Access Management (IAM) module provides a safety
valve to prevent unauthorized applications (malware software) to run on corporate
machines. ORSUS IAM lets Administrators define which users can execute which
applications, defeating the intent of unethical hackers, in the off-chance that they
get past network firewalls.”