The wave of drive-by cryptocurrency mining, in which websites and apps run mining code on other people's devices, shows no sign of slowing down. Over the weekend, researchers added two more incidents: one affecting more than 4,200 sites (some of them operated by government agencies), and another targeting millions of Android devices.
The first incident involves sites that offer a free text-to-text translation service called Browsealoud. On Sunday, someone changed the JavaScript code hosted here to include coin-mining code from Coinhive, a controversial site that uses the machines of site visitors, often without their permission, to generate the digital currency known as Monero.
As a result, any site that included a link to the Browsealoud JavaScript suddenly saddled its visitors with code that used 60 percent of their CPU resources, without trying to warn end users or get their permission (by default, the Coinhive code uses 100 percent). Search results showed that the breach affected 4,275 sites, including those operated by the UK government’s Information Commissioner’s Office, the US federal courts, and the state of Indiana. The CTO of Texthelp, the company that offers Browsealoud, issued a statement saying he suspended the service until Tuesday. The move ended the illegal mass mining, which lasted about four hours. At no time was customer data accessed or lost, the statement said.
Texthelp staff did not respond to questions asking how the corrupted JavaScript came to be hosted on its site in the first place. The company is also silent about what it is doing to ensure that such incidents do not happen again.
Millions of Android devices targeted
The second mass-mining incident has targeted millions of Android devices since November, security provider Malwarebytes said on Monday. The ad displays a web page telling unsuspecting users that their device is showing suspicious signs. The page directs them to complete a CAPTCHA to prove that their device is controlled by a human instead of a malicious script. Until the end user completes the CAPTCHA, the device runs resource-exhausting code that mines Monero for the attackers.
A quick check of two of the five sites known so far to display the CAPTCHA mining code indicates the campaign is hitting tens of millions of devices. Results returned by SimilarWeb show that rcyclmnr[.]com has received 34.2 million visits since November, with 98.5 percent of visits coming from mobile devices. A separate page used in the campaign, recycloped[.]com, received 32.3 million visits, with 95 percent of its views coming from mobile devices.
Malwarebytes researchers estimate that the five domains collectively receive an average of 800,000 visits per day. Each visit to the mining page, according to Malwarebytes, lasts an average of four minutes. The researchers say that redirect scripts are responsible, but they also suspect that malicious applications may have played a role.
“Due to the low hash rate and the limited time spent mining, we estimate this plan might net a few thousand dollars a month,” Malwarebytes chief malware intelligence expert Jérôme Segura wrote in Monday’s report. “However, as cryptocurrencies continue to gain value, this value can easily multiply over time.”
The minimal gains for drive-by mining scammers stand in contrast to the effects on end users. Mining scripts that run on PCs for extended periods of time have the potential to consume a lot of electricity and can even leave certain companies unable to operate because of the strain that miners put on servers and network bandwidth. Researchers at Kaspersky Lab, meanwhile, recently documented a very aggressive Android miner that corrupts the phone it runs on.
Preventing this type of hosted-JavaScript hijacking is possible through a precaution known as “subresource integrity.” Scott Helme, the researcher who first reported the Browsealoud JavaScript compromise, has a useful description of the subresource integrity process here. Stopping drive-by mining campaigns that rely on malicious ads or malicious applications is becoming increasingly difficult, although end users can often protect themselves by running AV programs from Malwarebytes and many other providers.
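The subresource integrity check described above, as an added example that is not part of the original article: it computes the `integrity` value a site would pin for a third-party script, shows that a modified copy fails the browser-style comparison, and lists cross-origin scripts on a page that carry no pin. The script bodies, hostnames and function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # hashes SRI accepts

def sri_digest(body: bytes, alg: str = "sha384") -> str:
    """Value for the integrity attribute: '<alg>-<base64 of raw digest>'."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, body).digest()).decode()

def verify(body: bytes, integrity: str) -> bool:
    """Browser-style check: only the strongest listed algorithm is compared."""
    pins = [t.split("?")[0].split("-", 1) for t in integrity.split()]
    pins = [p for p in pins if len(p) == 2 and p[0] in STRENGTH]
    if not pins:
        return True  # no usable metadata: the browser enforces nothing
    best = max(STRENGTH[alg] for alg, _ in pins)
    return any(sri_digest(body, alg) == alg + "-" + b64
               for alg, b64 in pins if STRENGTH[alg] == best)

class ScriptAudit(HTMLParser):
    """Collects cross-origin <script src> tags that have no integrity pin."""
    def __init__(self, page_host: str):
        super().__init__()
        self.page_host, self.unpinned = page_host, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = urlparse(a.get("src") or "").netloc
        if tag == "script" and host not in ("", self.page_host) and not a.get("integrity"):
            self.unpinned.append(a["src"])

def unpinned_scripts(html: str, page_host: str) -> list:
    audit = ScriptAudit(page_host)
    audit.feed(html)
    return audit.unpinned

# Constructed sample data: hostnames and script bodies are placeholders.
ORIGINAL = b"function widget(text) { /* third-party widget code */ }\n"
TAMPERED = b"startMiner();\n" + ORIGINAL
PAGE = """<script src="https://cdn.example/widget.js"></script>
<script src="https://cdn.example/pinned.js" integrity="%s" crossorigin="anonymous"></script>
<script src="/local.js"></script>""" % sri_digest(ORIGINAL)

if __name__ == "__main__":
    pin = sri_digest(ORIGINAL)
    print(pin, verify(ORIGINAL, pin), verify(TAMPERED, pin))
    print(unpinned_scripts(PAGE, "www.example"))
```

A pinned script has to be re-pinned whenever the provider ships a new version, so this works best with versioned script URLs.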
But the coin miners point to a much bigger risk that is often overlooked. If someone can control the JavaScript that the US court system and thousands of other organizations place in their websites, they can exploit critical browser flaws, steal login credentials, and perform other malicious actions. As annoying as drive-by mining is, it is one of the more benign crimes that can result from malicious code running on our devices.