The harmful drive-by currency mining scourge shows no signs of abating

 In Biz & IT, coinhive, cryptocurrency, drive-by mining, mining, Monero

The harmful drive-by currency mining scourge shows no signs of abating

Serving the Technologist for more than a decade. IT news, reviews, and analysis.

Aw, damn. (credit: cibomahto)

The scourge of drive-by currency mining—in which websites and apps covertly run resource-draining code on other people’s devices—shows no sign of abating. Over the weekend, researchers added two more incidents: one involves more than 4,200 sites (some operated by government agencies), while the other targets millions of Android devices.

The first incident affected sites that offer a free text-to-speech translation service called Browsealoud. On Sunday, someone changed the JavaScript code hosted here to include currency-mining code from Coinhive, a controversial site that uses the devices of site visitors, usually without their permission, to generate digital coin known as Monero.

In the process, any site that included a link to the Browsealoud JavaScript suddenly saddled its visitors with code that used 60 percent of its CPU resources, with no attempt to warn end users or get their permission (by default, Coinhive code uses 100 percent). Search results show that the breach affected 4,275 sites, including those operated by the UK government’s Information Commissioner’s Office, US federal courts, and the state of Indiana. The CTO of Texthelp, the company that offers Browsealoud, issued a statement saying it suspended the service until Tuesday. The move put an end to the illicit mass mining, which lasted about four hours. At no time was customer data accessed or lost, the statement said.

Read 8 remaining paragraphs | Comments

One attack sneaks coin-mining malware onto 4,300 sites. Another targets Android users.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt