19.04.2024

U.S. Courts Mining Cryptocurrencies?

This attack was said to be a scheme to generate profits for the perpetrators by forcing unsuspecting visitors of the websites to mine the cryptocurrency Monero. The perpetrators were said to have exploited Browsealoud, a text-to-speech and translation plugin, to get their code onto various websites.

The critical highs and lows which had plunged the cryptocurrency market into chaos seem to be taking their toll on cryptocurrency investors and miners, as the U.S. court systems and about 4000 websites unwittingly became cryptocurrency miners over the weekend.

This act, termed “cryptojacking”, was discovered by the security researcher and consultant Scott Helme. He noted that the attackers placed JavaScript code in a modified version of Browsealoud, which in turn injected the Monero miner, CoinHive, wherever the plug-in was in use. As a result, websites in the US, UK and Australia have been serving malware to the public via compromised third-party services.

Texthelp, the founders of Browsealoud, released an article stating that the plug-in had been removed from all customers’ websites with privacy protection properly enabled. According to a statement by the company’s CTO and Data Security Officer, Martin McKay, in view of the cyber attacks, there had been maximum preparation put in place to curb and eliminate risks for such incidents. He added: “the company’s security plan was acted upon which proved to be quite effective, thereby alleviating the risks for the customers within the period of four hours. The continuous automated security tests put in place by Texthelp helped detect the modified file which led to the product being taken offline.”

In an attempt to assuage all doubts concerning the company’s integrity towards customers’ privacy protection, Martin McKay stated that: “Phase One of our internal investigation is complete and our customers have been notified. We are continuing to work with the National Crime Agency and the National Cyber Security Agency.”

The issue of cryptojacking has become a tough case, with complaints rising from various other sources. According to Scott Helme, the attack was definitely not the first of its kind but the largest recorded. Cryptojacking has also been known to have other malefic purposes, like privacy compromises as well as loss of important credentials. Researchers have found no traces of these activities in the latest cryptojacking incident but are in doubt as to whether such an issue would arise in the future.

In light of this recent hacking, the UK National Cyber Security Centre (NCSC) stated in a recent press release that: “data involving malware incidents are being examined by the centre’s technical experts for any malware used for the illegal mining of cryptocurrency.”

The confirmation of malicious code was brought up by The Register after its discovery by the IT researcher, Scott Helme. With the general speculations that malicious miners target un-patched Windows webservers, Helme suggested that webmasters employ a technique called SRI (Subresource Integrity). This technique is said to block attempts by hackers to inject their code into the websites that visitors load.

This new technique is said to work on the principle of fingerprinting, which stops the importation of corrupted JavaScript into webpages and webservers. He generally advises webmasters that offer third-party services to employ this protection mechanism to curtail the actions of hackers that make their companies a prime target for these cryptojackings.
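How the fingerprint check described above behaves when a hosted script is modified, as an added example that is not from the original article or from Scott Helme. The host names, file contents and function names are constructed for illustration; the served files are supplied inline so the audit runs offline.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # hash algorithms SRI defines

def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Build the value for a script tag's integrity attribute."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

def sri_allows(body: bytes, integrity: str) -> bool:
    """Mirror the browser check: only the strongest listed algorithm counts."""
    tokens = [t.split("?")[0] for t in integrity.split()]
    tokens = [t for t in tokens if t.split("-", 1)[0] in STRENGTH]
    if not tokens:
        return True  # no usable hash, so the browser enforces nothing
    best = max((t.split("-", 1)[0] for t in tokens), key=STRENGTH.get)
    return sri_value(body, best) in tokens

class ThirdPartyScripts(HTMLParser):
    """Collect (src, integrity) for scripts loaded from another host."""
    def __init__(self, page_host: str):
        super().__init__()
        self.page_host, self.found = page_host, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = urlparse(a.get("src") or "").netloc
        if tag == "script" and host and host != self.page_host:
            self.found.append((a["src"], a.get("integrity")))

def audit(html: str, page_host: str, served: dict) -> dict:
    """Map each third-party script to 'unpinned', 'loads' or 'blocked'."""
    parser = ThirdPartyScripts(page_host)
    parser.feed(html)
    return {src: "unpinned" if not integrity
            else "loads" if sri_allows(served[src], integrity) else "blocked"
            for src, integrity in parser.found}

# Constructed sample: a plugin as reviewed, then the same file after tampering.
CDN = "https://cdn.example.com"  # hypothetical third-party host
ORIGINAL = b"function speak(text) { /* text-to-speech plugin */ }\n"
TAMPERED = ORIGINAL + b"/* line added by whoever modified the hosted file */\n"
PAGE = f'''<script src="{CDN}/plugin.js" crossorigin="anonymous"
  integrity="{sri_value(ORIGINAL)}"></script>
<script src="{CDN}/widget.js"></script>
<script src="/static/app.js"></script>'''
SERVED = {f"{CDN}/plugin.js": TAMPERED, f"{CDN}/widget.js": TAMPERED}
if __name__ == "__main__":
    print(audit(PAGE, "www.example.org", SERVED))
```

The pinned tag refuses the modified file, while the tag without an integrity attribute would have executed it, which is the gap a site audit should look for.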
