Over 4,200 Websites Compromised With Cryptocurrency Mining Software

A large number of websites, among them sites run by the United States and United Kingdom governments, were compromised so that their pages served cryptocurrency mining scripts. These scripts use the CPU of every visitor's computer to mine cryptocurrency, in this case maliciously and without the consent of the computer's owner.

Use of accessibility tool BrowseAloud in attack

The pages were compromised through an accessibility tool known as BrowseAloud, which augments web pages with extra JavaScript so that visually impaired users can navigate them with audio cues. Every affected website loaded that script directly from BrowseAloud's servers to provide text to speech, so the attackers needed only to break into BrowseAloud's servers to compromise all of its customers at once. The miner injected was the now infamous CoinHive Monero (XMR) web miner. CoinHive was designed to give content producers a way to be paid for what they publish, but it has since turned up in a large number of website compromises because it is easy to embed and because it mines the privacy-focused cryptocurrency Monero. Monero lets the attackers stay effectively anonymous, to the point that outsiders can only guess at the profits gained.

Mitigation of the compromise

This attack can be mitigated rather easily on both sides. Content providers need only pin the hash of the third-party script they embed, using the browser's Subresource Integrity (SRI) mechanism: a modified script has a different hash from the expected one, so the browser refuses to run it and the page fails closed instead of serving a miner. Two caveats apply: the pin covers only the script tag it is on, not any further scripts that script loads at runtime, and the pin must be updated whenever the vendor ships a legitimate new version. Content consumers can use a plugin such as NoScript to block JavaScript by default and allow it only on sites they trust, or an ad/content blocker such as uBlock Origin, which with the right filter list blocks every request to CoinHive's servers.

Armin Davis

Armin is a cryptocurrency mining and computer security enthusiast. Writing is fun too.
