Cryptojacking Strikes Again! Hackers Target Government Websites to Mine Monero
Cryptojacking, the novel hacking process which inflicts a victim’s computer with code to mine cryptocurrency, is evidently on the rise as hackers have targeted hundreds of popular websites with fraudulent software to mine the fungible digital coin monero (XMR).
“Cryptojacking” A Sophisticated Crime
In 2018 alone, thousands of users have fallen victim to malicious cryptojacking code. Surprisingly, it is not from accessing a “shady” website that causes users to be “cryptojacked,” as hackers are using sophisticated methods, such as masking and mimicking popular websites to trap undoubting users.
The latest incident was unearthed by Bad Packets Report’s researcher Troy Mursch, who unveiled on May 5, 2018, that more than 300 websites have been targets of cryptojacking.
Once again, the infamous browser mining software Coinhive was compromised and used by hackers to mine the cryptocurrency monero, by exploiting an “outdated and vulnerable version” of a Drupal content management software.
According to the post, Mursch was notified about the “crypto-hacked” websites of the government of Chihuahua, Mexico, and San Diego Zoo, after which the cyber-security sprung into action.
(Source: Bad Packets)
Later on, by reverse checking the suspected domain address on IP-checker site WhoIs, Mursch was able to find out the associated email address of the hackers, which was then used to check the world wide web using all common denominators as search parameters.
Affected sites include the City of Marion, Ohio, the University of Aleppo, and the National Labor Relations Board, Mexico. The full list of affected sites can be accessed on this spreadsheet.
Attacks Possible Due to Coinhive’s JS Usage
Speaking to CoinDesk, Mursch said:
An increasingly common cyber-nuisance, hackers have employed a number of ways to extract money. Amongst them are, as previously reported by BTCManager, holding sensitive data to a cryptocurrency-only ransom, and latching on YouTube Ads to inflict computers.