Got a question? Call 1800 853 276   |   
Contact usCheckoutContact us
Cyber Security Category Banner Image

Tales from the Certified Hacker: Sneaky crypto mining on your PC?

By DDLS Webmaster | 15 February 2018

Criminals who take advantage of people with vision problems and well-meaning businesses are about as low as anyone can sink. The latest advisory from Stay Smart Online today tells how thousands of websites around the world which use a plugin ‘Browsealoud’ were attacked. The plugin adds speech, reading, and translation to websites facilitating access and participation for people with dyslexia, low Literacy, English as a Second Language (ESL), and those with mild visual impairments.

Over 4,200 sites, including a large number of U.S., U.K. and Australian government sites, were infected by a malicious version of Browsealoud, which caused cryptomining to run on the computers which visited the infected websites and ran the plugin, generating Monero cryptocurrency using the resources of the secondary target computers, that is, those owned by innocent people who needed the assistance of the plugin. The criminals gained financially by using the computing power of users’ PCs to generate cryptocurrency.

This technology was compromised by altering Browsealoud’s source code to silently inject Coinhive’s Monero miner into every webpage offering Browsealoud. The additional code was obfuscated or hidden by converting the ASCII (human readable) instruction to connect to Coinhive’s JavaScript miner to hexadecimal in an attempt to hide it.

Texthelp, the developers of Browsealoud, have taken action and removed the Java®-based software while investigating the issue.

The Java cryptomining software is only active while browsing on an infected machine which has visited an infected web server. As soon as the web browser is closed, the software ceases to operate.

This particular attack no longer exists, but it shows the vulnerability of our free and open internet system, and the necessity of ensuring that our computer software and anti-virus is kept up to date and that your Chief Information Security Officer is aware of current issues.

There are methods we discuss on EC-Council’s Certified Ethical Hacker and Certified Network Defender courses to let web administrators know when any changes have occurred on their websites so that they would be aware that modifications have been made to their web software, that they may have been attacked and thus take action accordingly. For more information, check out our EC-Council course schedule.

References: Stay Smart Online The Register Reuters

Stay safe, Terry Griffin

Principal Technologist: Security


Feature Articles


Blog
2024-2025 Government Budget: Focusing investment in cyber security skilling
By Jeremy Daly | 1 July 2024
Read
Blog
AI for Productivity: The 11:11 Tipping Point and Copilot Training
By Leif Pedersen | 19 April 2024
Read
Blog
How to improve communication skills - Power up with Microsoft Copilot training
By Leif Pedersen | 22 April 2024
Read
Blog
Staying on top of AI Trends and Microsoft AI training as a business strategy
By Leif Pedersen | 18 March 2024
Read
eBook
Get your teams up-to-speed with ITIL® 4
22 May 2024
Read
eBook
Elevate your business and career to new heights
22 May 2024
Read
Blog
Understanding PRINCE2 Version 6 vs 7: Themes, risks & issue management
By Fred Carenese | 21 May 2024
Read