The cryptojacking attack appears to have persisted for weeks before being addressed, as it was configured to not max out CPU usage. Hackers injected it through an unsecured AWS S3 bucket.
By James Sanders | February 23, 2018, 5:38 AM PST
While Coinhive is technically a legitimate operation, granting website owners the capability to mine cryptocurrency on the computers of end users, the number of illegitimate uses of the service seems to outweigh legitimate ones. This month, thousands of government websites in the UK, US, and Australia were infected with Coinhive's mining script. The assistive technology "Browsealoud," intended to make websites navigable for users with visual impairments, was compromised, providing hackers a way to inject the mining script.
In the case of the L.A. Times website, an AWS S3 bucket that was erroneously configured to be publicly writable was leveraged by hackers to inject the mining script. Curiously, in this example, the script was not configured to run at max settings, which may have enabled it to go undetected.
Troy Mursch, a security researcher at the Bad Packets Report, discovered the attack on the L.A. Times website. In a statement to ThreatPost, he estimated that the script had been in use since at least February 9th. While the L.A. Times declined to comment to ThreatPost, the script was removed from the website late Thursday.
Coinhive has persisted on the edge of acceptability for some time. The service has been used by The Pirate Bay since last September in lieu of traditional advertisements. The progressive politics website Salon has also begun using Coinhive for users who have blocked normal advertising through the use of ad-blocking browser extensions.
However, some of the same ad-blocking browser extensions have begun blocking Coinhive and related browser-based cryptocurrency miners. Opera 50, released last December, blocks drive-by mining attacks by default. Malwarebytes, a popular anti-malware program, has blocked Coinhive since September 2018.
Hackers have persisted in attempting to inject the Coinhive mining script through any possible attack vector. This month, specifically crafted attacks for Android devices, Microsoft Word documents, and the Telegram messaging app have been discovered, as well as a botnet called Smominru which used the EternalBlue vulnerability developed by the NSA to turn Windows servers into a Monero mining monolith.
Madrid-based cybersecurity firm AlienVault has claimed in a new report that the North Korean government has been mining Monero in cyberattacks. Thomas Bossert, US Homeland Security advisor, cited North Korea as being the originator of the WannaCry attack, which also leverages the EternalBlue vulnerability.