Secretly installed crypto malware compromised thousands of government websites in the United States, the UK and Australia last weekend.
This alarming new form of “cryptojacking” turns unaware computer users into money-making slaves. Experts warn it’s turning into a huge risk for millions of ordinary Internet users.
Security researcher Scott Helme reported the malware was designed to hijack the computers of people who visited more than 4,000 government websites.
Helme says the problem originated with a software plug-in called Browsealoud, which helps people with impaired vision to browse websites.
Coinhive, a program that mines a virtually untraceable cryptocurrency called Monero, was embedded without authorization in Browsealoud.
The hidden program allows a distant user to mine cryptocurrency by using the processing power of another computer, essentially hijacking the machine.
Texthelp, the company that developed Browsealoud, said the problem was fixed. Coinhive had been embedded in the plug-in for four hours on Sunday.
Software designed to mine cryptocurrency by running massive volumes of mathematical calculations is legal, but fraudulently installing it on websites without the owners’ consent is illegal.
A spokesperson for the National Cyber Security Centre in London said investigators were trying to identify the perpetrator of the Coinhive scheme and technicians were analyzing data from the incident.
The spokesperson also said no evidence from the incident indicates “that members of the public are at risk.”
Check Point, an online-security firm, reported that Coinhive is the most widely used type of malware on the Internet.
Successful miners receive Bitcoin and other digital currencies for doing the mathematically intensive cryptographic operations that underlie the record of transactions for each currency.
The mathematical intensity of mining for cryptocurrency has led some practitioners to steal the processing power of someone else’s computer by using malware such as Coinhive and Cryptoloot, another common cryptojacking malware.
Bigger than WannaCry
Cryptojacking is “simply everywhere, on websites, servers, PCs and mobile,” Lotem Finkelstein, the leader of a threat analysis team at Check Point, told Technology Review.
“It may become a more serious issue than ransomware,” he said in reference to cyberattacks such as WannaCry and NotPetya, which lock up computers and unlock them in exchange for a ransom payment, often in cryptocurrency.
Max Heinmeyer, director of threat hunting at cybersecurity firm Darktrace, agrees that cryptojacking could become a bigger security threat worldwide than ransomware, noting that many ransomware attacks are unsuccessful.
According to Paul Ducklin of security firm Sophos, people can use regular antivirus programs to find and delete crypto-mining software on their computers.
But Heinmeyer says Darktrace has recently discovered some highly developed types of crypto-mining software that embed themselves on websites and servers and thwart the threat-detection technology in some rule-based antivirus programs.