Government websites fall prey to cryptocurrency mining hijack

15:06, 12 February 2018. Source: Engadget

It's not just private companies' websites falling victim to cryptocurrency mining hijacks. Security consultant Scott Helme and the Register have discovered that intruders compromised over 4,200 sites with Coinhive's notorious Monero miner, many of them government websites from around the world. This includes the US court info system, the UK's National Health Service and Australian legislatures, among others. The intruders spread their JavaScript code by modifying an accessibility plugin for the blind, Texthelp's Browsealoud, to inject the miner wherever Browsealoud was in use.

The mining only took place for several hours on February 11th before Texthelp disabled the plugin to investigate. Government sites like the UK's Information Commissioner's Office also took pages down in response. As with most of these injections, your system wasn't facing a security risk -- you would have just noticed your system bogging down while searching for government info. The mining goes away the moment you visit another page or close the browser tab. The biggest hassle was for the site operators, who are now discovering that their sites are vulnerable to intruders slipping in rogue code without verification.

It's not certain who's behind the attempt, but these hijacks tend to be the work of criminals hoping to make a fast profit.

The big problem: this might continue to happen for a while. Although antivirus tools can catch Coinhive, a more definitive solution would be to use a fingerprinting technique (subresource integrity) that verifies outside code and blocks any modifications. And there's no indication that many websites, whether government or private, are in a rush to implement it.

Source: Scott Helme (Twitter), PublicWWW
