Hackers Injected Cryptocurrency Mining Malware into 4,275 Government Websites — They Only Made $24

Josiah Wilmoth @Y3llowb1ackbird
February 16, 2018 14:01 UTC

Earlier this week, hackers infiltrated Browsealoud, a free text-to-translation tool, and injected the Coinhive cryptocurrency mining malware script into the tool’s JavaScript codebase.

Consequently, the estimated 4,275 websites using Browsealoud — including some operated by government agencies in the US and UK — became unwitting pawns in a cryptocurrency mining malware gambit, believed to be the largest-scale attack of its kind.

When users visited an affected website, the Coinhive mining script automatically began harnessing the visitor’s computer processing power to mine the anonymity-centric cryptocurrency Monero.

However, perhaps due to the massive scale of the breach — and the fact that it targeted prominent government websites — the exploit was quickly discovered, and by the end of the day, Browsealoud creator Texthelp had suspended the service.

“In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours,” said Martin McKay, CTO of Texthelp, in a statement.

Because the malware was deployed for such a brief period, the hackers made off with an incredibly paltry sum. Coinhive’s creators told Motherboard that only 0.1 XMR was mined as a result of the hack, netting the hackers a grand total of $24.

Despite all the negative press, Coinhive’s developers maintain that the plugin was developed for the legitimate purpose of allowing website owners to replace advertising revenue with in-browser mining, and they claim that its most prolific users are not using it for nefarious purposes.

“Our strongest users have all embedded Coinhive in a meaningful way. They incentivise their users to run the miner and grant rewards for it,” the tool’s creator told Motherboard.

Yesterday, for instance, progressive news outlet Salon began serving ad-blocking readers with the option to either disable the ad-blockers or allow the website to run Coinhive in their browsers.

However, other website operators have quietly added Coinhive without their users’ consent, and many more have adopted it unwittingly through incidents similar to the Browsealoud hack.

Just this week, anti-malware software developer Malwarebytes uncovered a scheme in which millions of Android devices were hijacked and served with Coinhive’s cryptocurrency mining malware scripts.
