How U.S. & U.K. Government Websites Were Used by Hackers to Mine Monero

Published on:
228
Stack of golden Monero coins in blurry closeup with copy space above in blurred area. 3D rendering
Hackers compromised several websites belonging to government agencies in the U.S. and U.K., in the name of mining Monero.

Unknown hackers have gone an extra mile to use website visitors’ computers to mine cryptocurrency worldwide. The latest incident was discovered by U.K. cybersecurity researcher Scott Helme, who found that hackers were using malicious software to compromise websites to mine Monero.

Monero is a digital currency that has high anonymity capabilities, enabling users to transact without revealing their true profile.

Your TOR usage is being watched

Every transaction generates a new address, and the recipient has to retrieve each at a time to use the cryptocurrency.

How It Happened

The security researcher was alerted that something was amiss after a friend’s antivirus program sent a notice to the website of the U.K. Information Commissioner’s Office (ICO). The hackers are able to compromise websites when the browser’s widow is actively running.

The malware leveraged victims’ devices to mine Monero using very complex CPU-intensive devices to generate it.

Hackers inject software which can run for an extended period unnoticed since the activity does not result in data loss or cause damage to systems; it only makes the computers to run much more slowly.

The mining process of most digital currencies, including Monero, requires less processing power which in turn makes the activity more attractive to hackers.

Crypto mining has also become more popular due to the rapidly rising prices of cryptocurrencies in recent months.

Scott Helme said that the malicious software was online for about four hours before the victim websites took action. Otherwise, the situation could have been far worse.

The hackers could have done anything having their JavaScript on the sites. It was possible for them to compromise personal data, steal information or install a range of malware.

In his report, Helme said he believes that the malware is still running on more than 4,000 websites.

Some of the affected sites include the U.S. Court System as well as the U.K. Information Commissioner’s Office, as earlier stated.

It was then discovered that the crypto mining script was inserted in a text-to-speech browser plugin called Browsealoud. The tool was used by all of the victim websites.

After attacking Browsealoud, the hackers were able to manipulate the computers remotely by installing a cognitive Monero miner.

This gave a cutting edge to the hackers as any website which used the Browsealoud plugin would be compromised in their favor.

TextHelp, Browsealoud’s developer, released a statement saying the tool has been removed from all customer websites as an investigation into the breach is underway.

It is not yet clear the amount of Monero mined in the time frame that hackers took hostage of the many websites.

Cybersecurity experts are warning that the hackers might have secretly installed other malware on the users’ computers, which later might compromise them.

Reasons for the Attack

A monero cryptocurrency hologram coin form hovvering over a computer circuit board
Unknown hackers have gone an extra mile to use website visitors’ computers to mine cryptocurrency worldwide.

Currently, Monero has a market capitalization of over $2 billion, which is a great deal for hackers to take advantage of the growing online asset.

It is after the availability and affordability of Bitcoin has reduced to the current price, which is around $7,000. Bitcoin’s market cap is at $115 billion.

Ranging from the transaction fees and time of a transaction, a lot of hackers prefer altcoins like Litecoin, Monero and Ethereum.

Monero has a small transaction fee while sending to other users and it also takes less time for trade confirmation.

This makes Monero a high preference for hackers, as well as dark web users who anonymously buy drugs, illegal guns and other illegal items.

Mining Monero using computer processing power has been the most comfortable way for hackers to get without any big hustle.

The hackers’ goal is to utilize the high-end computer processors and in large numbers. This requires one to get into the common host provider before reaching out to the rest.

Using a malicious code, the hackers entered the system through the main host, embedding itself to all other subsequent computer systems.

The hash rate, which reciprocates to the number of coins mined per given time, is dependent on the computer’s hardware capability.

At the moment, no hacking group has claimed responsibility for the attack. As investigations continue to unravel the case, users are advised to obtain an up-to-date antivirus program to protect themselves from the malware attack.

C.M.

C.M.

With the urge to know more about everything around us, I am an enthusiast researcher and writer with keen interest in expanding my knowledge in a bid to be well versed. Through writing, I express and share my feelings, ideas, and thoughts for like minded individuals.
C.M.
Write for us

Disclaimer:

The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.

LEAVE A REPLY

Please enter your comment!
Please enter your name here