US and UK Government websites are attacked by Cryptocurrency Mining Malicious attacks, how can India remain safe? here are some Tips for common users and web administrators to carefully follow in order to stay safe from Cryptocurrency Malacious attacks.
Thousands of UK and US government websites were infected with a malicious script on Sunday (11 February) that secretly forced visitors' computers to mine cryptocurrency for malicious hackers. The malware was running on more than 4,000 sites, including the U.K.’s Information Commissioner’s Office (ico.org.uk) and the website for the American court system (uscourts.gov).
Hackers infected the websites with a malicious version of a popular software known as Browsealoud which reads out webpages for people with vision problems. After compromising Browsealoud, the hackers altered the plugin’s code, injecting malicious JavaScript in order to secretly run the mining software known as Coinhive on unsuspecting machines.
What can a cryptocurrency malware do?
To mine cryptocurrencies, hackers are nowadays injecting websites with cryptocurrency malware which secretly uses the computing power of hacked mobiles/laptops to mine cryptocurrency (this technique is also known cryptojacking).
When a user visits an infected site, the miner on the site gets activated and starts using the resources of the victim visiting the website. Unlike other malware - Ransomware or Spyware, cryptojacking is less dangerous and non-intrusive as it doesn’t steal or spoil user data. However, it can consume a lot of your processing power to mine cryptocurrencies thereby making your device extremely slow and even get it heated up.
The organisations have assured that they have taken the necessary measures and no customer data has been accessed or lost. The company further said that its customers will receive a further update as soon as the security investigation gets completed.
Sharing a perspective of Indian corporates and government agencies, Ankush Johar, Director at Infosec Ventures commented on this malicious activity around Cryptocurrency by saying, “Malicious hackers being able to break into sophisticated Government infrastructure is nothing but a proof that the new age malware is too complex to be detected by conventional anti-malware solutions. If the US and UK Government websites can be infected with such malware then so can Indian bodies.”
“System admins and general users should both take this as a warning and deploy up to date, reputed copies of anti-malware with a legitimate license. Outdated/pirated copies of anti-viruses are much more dangerous than not having them as they give a false sense of security and thus high usage of such copies puts Indian users at a greater risk.” Ankush suggested.
Safety Tips from Cryptocurrency Malware
Users and system admins, in general, can follow some tips below to keep themselves secure from crypto hijackers and other malware:
- Consider using a popup-Blocker: Users can add popup-blockers to prevent cryptomining from running in the background. Besides this, popup-blockers can also be used for blocking various malicious pop-ups that can contain malware.
- Update your antivirus/anti-malware software: Most antivirus software has already blacklisted these kinds of cryptocurrency software. Users are advised to use a legitimate antivirus software and update it with the latest signatures.
- Disable unnecessary browser extensions: Users are advised to remove/disable unnecessary browser extension and keep monitoring the installed plugins regularly. If you see an unwanted/unknown plugin, remove it instantly.
- Remove unwanted programs/software: Users are advised to keep an eye on the installed programs and software. If you see an application that seems to be unknown/unwanted, remove it, especially if the publisher of the software is unknown.