Crypto-Mining Hack Hijacks Thousands of Government Sites

     
12:20 pm on Feb 12, 2018 (gmt 0)

Administrator from GB 

engine

joined:May 9, 2000
posts:25047
votes: 660


It appears that thousands of government sites around the world were mining cryptocurrencies via a popular "Browsealoud" plugin used by blind and poorly-sighted people.
This technology was compromised in some way, either by hackers or rogue insiders altering Browsealoud's source code to silently inject Coinhive's Monero miner into every webpage offering Browsealoud.

For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.

Crypto-Mining Hack Hijacks Thousands of Government Sites [theregister.co.uk]

12:59 pm on Feb 12, 2018 (gmt 0)

Full Member from CA 


joined:Feb 7, 2017
posts: 218
votes: 15


This hack sounds like a cross-site scripting attack. I wonder if a content security policy would have blocked this XSS attack? Has anyone used this subresource integrity check?
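
The subresource integrity check asked about above, as an added example that is not part of the original thread: an `integrity` value pins a third-party script to the exact bytes the site owner reviewed, so a file changed at the source no longer matches and the browser refuses to run it. The function names and both sample scripts are constructed for illustration (Node.js).

```javascript
const { createHash } = require('node:crypto');

// Hash algorithms SRI accepts, weakest to strongest.
const ALGOS = ['sha256', 'sha384', 'sha512'];

// Value for <script src="..." integrity="..." crossorigin="anonymous">,
// computed from the exact bytes the site owner reviewed.
function computeSri(body, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(body).digest('base64')}`;
}

// Check a fetched body against an integrity attribute the way a browser does:
// only the strongest listed algorithm counts, and any matching digest for it passes.
// Unlike a browser, this audit helper fails closed when no usable hash is present.
function verifySri(body, integrity) {
  const entries = integrity.trim().split(/\s+/).map((token) => {
    const dash = token.indexOf('-');
    return { algo: token.slice(0, dash), digest: token.slice(dash + 1).split('?')[0] };
  }).filter((e) => ALGOS.includes(e.algo));
  if (entries.length === 0) return false;
  const strongest = ALGOS[Math.max(...entries.map((e) => ALGOS.indexOf(e.algo)))];
  const actual = createHash(strongest).update(body).digest('base64');
  return entries.some((e) => e.algo === strongest && e.digest === actual);
}

// Constructed sample data: a stand-in for a third-party widget script,
// and the same file after someone other than the site owner changed it.
const REVIEWED = Buffer.from('window.widget = { speak() {} };\n');
const TAMPERED = Buffer.concat([REVIEWED, Buffer.from('loadSomethingElse();\n')]);

const PINNED = computeSri(REVIEWED);
console.log('integrity value:', PINNED);
console.log('reviewed file passes:', verifySri(REVIEWED, PINNED));
console.log('changed file passes:', verifySri(TAMPERED, PINNED));
```

Pinning only works when the vendor serves a versioned file that never changes in place; a script the vendor updates at the same URL will stop loading until the hash is refreshed.
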
6:33 pm on Feb 12, 2018 (gmt 0)

Senior Member

bwnbwn

joined:Oct 25, 2005
posts:3560
votes: 28


I just got a bad email from a Govt site in Germany.

Looks like the hacker has a wicked program running, using mined social media to connect the email to me in a personal way from my supposed-to-be wife. Used her name to actually forward the email to me. Like she forwarded the email to me to look at.

Pretty good one; almost got me to look at the link, and I am usually very careful.
2:11 pm on Feb 13, 2018 (gmt 0)

Moderator

webwork

joined:June 2, 2003
posts:7963
votes: 56


Ouch! ^That's^ just downright, full on "I have absolutely no conscience" evil, bwnbwn . . and, of course, we know how such SOBs think: "Hey, if he's stupid enough to fall for our ploy it's his fault . . . that we steal his money, his personal info, his . . . "

Sometimes, I wish there was a hell (for such SOBs) . . and sometimes it feels like we needn't leave this planet earth to find it . . because of the SOBs . . sigh . .
3:20 pm on Feb 13, 2018 (gmt 0)

Moderator from US 

martinibuster

joined:Apr 13, 2002
posts:14694
votes: 418


I'm just sitting here watching the wheels go round and round...