Unknown hackers have gone the extra mile to use website visitors’ computers to mine cryptocurrency worldwide. The latest incident was discovered by U.K. cybersecurity researcher Scott Helme, who found that hackers were using malicious software to compromise websites to mine Monero.
Monero is a digital currency that has high anonymity capabilities, enabling users to transact without revealing their true profile.
Every transaction generates a new address, and the recipient has to retrieve them one at a time to use the cryptocurrency.
How It Happened
The security researcher was alerted that something was amiss after a friend’s antivirus program sent a notice to the website of the U.K. Information Commissioner’s Office (ICO). The hackers are able to compromise websites when the browser’s window is actively running.
The malware leveraged victims’ devices to mine Monero using very complex CPU-intensive devices to generate it.
Hackers inject software that can run unnoticed for an extended period, since the activity does not result in data loss or cause damage to systems; it only makes the computers run much more slowly.
The mining process of most digital currencies, including Monero, requires less processing power which in turn makes the activity more attractive to hackers.
Crypto mining has also become more popular due to the rapidly rising prices of cryptocurrencies in recent months.
Scott Helme said that the malicious software was online for about four hours before the victim websites took action. Otherwise, the situation could have been far worse.
In his report, Helme said he believes that the malware is still running on more than 4,000 websites.
Some of the affected sites include the U.S. Court System as well as the U.K. Information Commissioner’s Office, as earlier stated.
It was then discovered that the crypto mining script was inserted in a text-to-speech browser plugin called Browsealoud. The tool was used by all of the victim websites.
After attacking Browsealoud, the hackers were able to manipulate the computers remotely by installing a cognitive Monero miner.
This gave the hackers an edge, as any website that used the Browsealoud plugin would be compromised in their favor.
TextHelp, Browsealoud’s developer, released a statement saying the tool has been removed from all customer websites as an investigation into the breach is underway.
It is not yet clear how much Monero was mined during the time the hackers held the many websites hostage.
Cybersecurity experts are warning that the hackers might have secretly installed other malware on the users’ computers, which later might compromise them.
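The compromise described above reached every site at once because each one loaded the same third-party script and ran whatever was served. As an added example (not from the article, Scott Helme or TextHelp), this Python check audits a page's cross-origin script tags against a pinned Subresource Integrity hash, a browser mechanism the article does not discuss; the host names, file names and script bodies are constructed.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # SRI algorithms, weakest to strongest

def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return the integrity value a site owner would pin for this exact file."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

def sri_matches(content: bytes, integrity: str) -> bool:
    """Mimic the browser check: only hashes of the strongest listed algorithm count."""
    tokens = [t for t in integrity.split() if t.split("-")[0] in STRENGTH]
    if not tokens:
        return False  # nothing usable was pinned, so nothing was verified
    best = max(STRENGTH[t.split("-")[0]] for t in tokens)
    alg = next(a for a, rank in STRENGTH.items() if rank == best)
    return any(t == sri_hash(content, alg) for t in tokens if t.startswith(alg + "-"))

class ScriptTags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts = []  # (src, integrity) for every <script src=...>
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity") or ""))

def audit(page_url: str, html: str, fetched: dict) -> dict:
    """Classify each cross-origin script as ok, unpinned or mismatch."""
    parser = ScriptTags()
    parser.feed(html)
    report = {}
    for src, integrity in parser.scripts:
        if urlparse(src).netloc in ("", urlparse(page_url).netloc):
            continue  # same-origin script, outside this check
        status = "ok" if sri_matches(fetched[src], integrity) else "mismatch"
        report[src] = status if integrity else "unpinned"
    return report

# Constructed sample data: hypothetical hosts, file names and script bodies.
ORIGINAL = b"function speak(text) { /* text-to-speech widget */ }\n"
TAMPERED = ORIGINAL + b"/* constructed stand-in for injected code */\n"
PAGE = f'''<script src="https://plugin.example/reader.js" integrity="{sri_hash(ORIGINAL)}" crossorigin="anonymous"></script>
<script src="https://plugin.example/legacy.js"></script>
<script src="/static/site.js"></script>'''
SERVED = {"https://plugin.example/reader.js": TAMPERED, "https://plugin.example/legacy.js": TAMPERED}
```

Calling `audit("https://agency.example/", PAGE, SERVED)` reports the pinned script as a mismatch, which a browser would refuse to run, and the unpinned one as unpinned, which a browser would run as served.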
Reasons for the Attack
Currently, Monero has a market capitalization of over $2 billion, which gives hackers a strong incentive to take advantage of the growing online asset.
This comes after the availability and affordability of Bitcoin have reduced at the current price, which is around $7,000. Bitcoin’s market cap is at $115 billion.
For reasons ranging from transaction fees to transaction time, many hackers prefer altcoins like Litecoin, Monero and Ethereum.
Monero charges a small transaction fee when sending to other users, and it also takes less time to confirm a trade.
This makes Monero a preferred choice for hackers, as well as dark web users who anonymously buy drugs, illegal guns and other illegal items.
Mining Monero using computer processing power has been the most comfortable way for hackers to obtain it without much hassle.
The hackers’ goal is to utilize high-end computer processors in large numbers. This requires one to get into the common host provider before reaching out to the rest.
Using malicious code, the hackers entered the system through the main host, and the code embedded itself in all subsequent computer systems.
The hash rate, which corresponds to the number of coins mined per given time, is dependent on the computer’s hardware capability.
At the moment, no hacking group has claimed responsibility for the attack. As investigations continue to unravel the case, users are advised to obtain an up-to-date antivirus program to protect themselves from the malware attack.