The cryptocurrency mining malware problem is extending into parts of the world that no one expected, with the UK government now directly affected with “thousands of websites” including sites belonging to NHS (National Health Services). And because that’s not already hard enough to take, the Australian government got also infected just two days after the UK hack. CoinHive was used as service to mine Monero in the background.

[caption id=”attachment_2830” align=”alignnone” width=”1024”]cryptomining-hackers-government-websites-cryptocurrency Picture: newsweek.com[/caption]

Hackers used in both cases the same browser plug-in, BrowseAloud. Users usually can identify such a background mining very easily because the CPU usage is higher than usual. TheGuardian reports that this store is even worse because several other pages were involved and infected with the crypto mining hijack, like several video streaming platforms and maybe these services were only abused to test the exploit.

Protection

  1. Install an adblocker with an anti-crypto mining filter list
  2. Check if your CPU usage is higher when you visit certain pages
  3. Ensure you give the website or application you use only the needed permissions which are really required, ask yourself why e.g. a Blog needs permissions to play audio or video files even if there no visible files available.
  4. Don't ignore it, ask the webmaster or homepage owner if you not get an answer make it public which means informing others might help
  5. Ensure you use the latest software versions, some Browsers integrate already their own adblocking mechanism

Conclusion

Crypto mining is a thing and you should know how you defend yourself against it, stay pessimistic because larger pages are always a larger attack vector and the bad guys never sleeping, knowledge is once again a key here if you know how malware works you can build strategies to fight it.

Bigger website owners should be really more careful and there should integrate fewer plugins and external resources to lower such attacks and then none of this would happen. Sadly plugins/extensions and such traps still working and a lot of people are simply too ignorant to see the possible risk.

The harm is very easily done and you can’t get back the ghost into the bottle once it’s already too late, in my opinion there should be more experts inspecting especially bigger pages to inform the webmasters about the known leaks but no one like to spent time on this and this is might be the more dangerous threat - cause no one cares …