New Cryptocurrency Malware Attacks

By ISBuzz Team
Writer, Information Security Buzz | Feb 15, 2018 11:00 am PST

In light of the discovery of “cryptojacking” malware affecting thousands of websites around the world – from the UK’s NHS and ICO to the US government’s court system, Nick Bilogorskiy commented below.

Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks:

“The meteoric rise of cryptocurrency valuations has shifted cyberattack activity to focus squarely on obtaining Monero and Bitcoin. Given the bubble-like rise in valuations, cryptocurrencies represent a new and highly valuable opportunity for cybercriminals to increase their malware riches. The price of Monero doubled in the last three months, which shows continued adoption by the community.

The newest of these crypto coin monetization methods is mining bitcoin surreptitiously.

The CoinHive library allows hijacking websites to mine Monero right in the victims’ browsers, tapping the processing power of their computers. Another example is the Loapi Trojan that runs on Android phones and mines Monero to the point that it melts the phone’s battery.

Coinhive launched in September 2017 as an alternative to classic website advertising and is rapidly becoming a favorite tool in the cybercriminal arsenal.

The technique of hijacking users’ browsers for cryptocurrency mining is also known as “cryptojacking.” There are several extensions and ad blockers that prevent Coinhive from running – AdBlock Plus, AdGuard, NoCoin and MinerBlock, to name a few.

This weekend government websites in the US, UK and Australia were used for cryptojacking. As is often the case with breaches, attackers used a “third party” method, injecting CoinHive into Browsealoud, a third-party plugin for visually impaired visitors that reads aloud the text on these government web pages.

Third-party systems are often the weakest link in the chain, the area of the highest breach risk. Still, most websites do not have a process for assessing the security of third-party plugins before they embed them, so we can expect such security incidents to continue.”
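
The following Python example is added here and is not from the article or the quoted commentator. It audits a page's third-party script tags against Subresource Integrity (SRI) pins, a browser mechanism the article does not mention, and reports scripts that are unpinned or whose served content no longer matches the reviewed version. The hosts, paths and script bodies are constructed sample data.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def sri(body, algo="sha384"):
    """Build an SRI token such as 'sha384-<base64 digest>' for body."""
    return algo + "-" + base64.b64encode(hashlib.new(algo, body).digest()).decode()

def audit(page_html, own_host, served):
    """Classify each third-party script as ok, hash-mismatch or no-integrity.
    served maps src -> bytes the third party returns now (a real audit downloads them)."""
    parser = ScriptCollector()
    parser.feed(page_html)
    report = {}
    for src, integrity in parser.scripts:
        host = urlparse(src).netloc
        if not host or host == own_host:
            continue  # relative or first-party script, out of scope here
        if not integrity:
            report[src] = "no-integrity"  # the browser will run whatever is served
            continue
        # Simplification: accept a match on any listed digest algorithm.
        algos = {t.split("-", 1)[0] for t in integrity.split()}
        wanted = {sri(served[src], a) for a in algos if a in ("sha256", "sha384", "sha512")}
        report[src] = "ok" if wanted & set(integrity.split()) else "hash-mismatch"
    return report

# Constructed sample data: hosts, paths and script bodies are made up.
REVIEWED = b"function readAloud(t){ /* reviewed plugin code */ }"
TAMPERED = REVIEWED + b"\n/* injected miner loader */"
PAGE = f"""<html><head>
<script src="/js/site.js"></script>
<script src="https://plugin.example/reader.js" integrity="{sri(REVIEWED)}" crossorigin="anonymous"></script>
<script src="https://ads.example/tag.js"></script>
</head></html>"""

if __name__ == "__main__":
    served = {"https://plugin.example/reader.js": TAMPERED, "https://ads.example/tag.js": b"x"}
    print(audit(PAGE, "www.site.example", served))
```

A pinned script that changes upstream is refused by the browser rather than executed, so pinning only suits third-party files that are versioned and reviewed before each update.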