Covert mining malware infects thousands of web pages to get Monero

I read an interesting story and we should all be informed about this.

Devices dedicated to covert mining continue to wreak havoc on the Internet with more and more online portals, secretly using their users' computers to extract cryptocurrencies. This new method of mining, led by the CoinHive tool, is achieving more and more victims to its repertoire, after recently a malware infected a popular plugin of various web pages and install the miner without third party consent.

According to the British sources of The Register, the famous Browsealoud plugin, created by the organization Brit Biz Texthelp for blind or visually impaired people to read web pages, was compromised by a group of hackers, who injected the covert miner of CoinHive in the web resource with the objective of mining Monero in the computers of the users of said platforms without prior warning.

The covert mining operation - also known as cryptojacking - was a success for hackers, affecting thousands of websites around the world; among which the portal of the judicial system of the United States, the network of the University of the City of New York, the National Health Service (NHS), the service of Financial Ombudsman and the University of Lund, among others 4,200 stood out contaminated platforms throughout the Internet.

The CoinHive miner was added at 3 o'clock in the morning as a pirated Browsealoud resource and it worked activating as a hidden code on the computer each time a user entered any web page that had this plugin integrated, thus using the capacity of the computer to generate money at the expense of third parties.

The malware was detected by Scott Helme, an Infosec consultant, who pointed out that the miner stopped working when the page was closed, since its Javascript only runs when the portal tab is open. Also, he recommended the webmaster to try the Sobresource Integrity (SRI) technique to catch and block this type of infiltration:

"There is a technology called SRI (Sub-Resource Integrity), designed to fix this problem exactly, and unfortunately it seems that none of the affected sites were using it."
Scott Helme

Consultant, Infosec

This new form of cryptojacking has managed to affect a greater number of users in a short period of time, since many websites load these external resources provided by companies, such as the Browsealoud plugin, to facilitate new services. After all, this channel can prove to be a springboard to bring malicious codes to visitors in case the proper protection mechanisms are not deployed.

Martin McKay, director of Texthelp, announced that the company was prepared for a cyber attack of this magnitude, for which all the security mechanisms were deployed immediately and the origin of the anomaly was detected.

"In the light of other recent cyber attacks around the world, we have been preparing for an incident of this kind over the last year, and our data security action plan was put into action immediately. Texthelp has implemented continuous automatic security tests for Browsealoud, which detected the modified file and, as a result, the product was disconnected."
Martin McKay

Director, Brit Biz Texthelp

source: https://www.criptonoticias.com