Security researchers in India have found malware that secretly mines cryptocurrencies on hundreds of local government computers, Economic Times reports.
Sites for the Municipal Administration in Andhra Pradesh, Tirupati Municipal Corporation and Macherla municipality are among those affected.
“CryptoJacking” attacks inject cryptocurrency mining malware (malevolent software) onto affected systems without user consent.
These attacks are becoming more popular because they are essentially automated and surreptitious and therefore far less confrontational than ransomware attacks, where data or systems are locked and then unlocked for a ransom in cryptocurrency.
Rajesh Maurya, Regional Vice-President, India and Saarc, Fortinet told Economic Times:
“Cryptojackers who manage to develop and maintain a network of hijacked computer systems are able to generate revenue with a fraction of the effort and attention caused by ransomware.”
Cryptojacking malware can pervade a system if victims click an infected email or linger on an infected website such as an illegal movie-streaming site.
Once inside a system, the malware takes command of a computer’s CPU and uses it to generate cryptocurrency.
Some crypto mining malware can override normal system settings and prevent a computer from sleeping. Some is even designed to seek out and shut down competing malware that may already be present in a system.
“Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them,” security researcher Indrajeet Bhuyan told The Economic Times. “Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”
One of the Indian government websites affected gets an estimated 1,600,000 hits per month.
Guwahati-based security researchers Shakil Ahmed, Anisha Sarma and Bhuyan were the first to identify the exploit.
The team says it was able to fairly easily expose the infections by running a software script (piece of code) on the homepages of 4000 websites from goidirectory.nic.
The researchers also found affected private sector systems.
The Economic Times says that reports of crypto mining malware attacks doubled between Q4 2017 and and Q1 2018, from 13 to 28% respectively.
The most popular cryptojacking malware is Coinhive, which is used both legitimately and in hacks.
Charities like the Bail Bloc project in Brooklyn use Coinhive to generate income from participants who consciously donate their computing power.
But Coinhive also reportedly does little to prevent the misuse of its software.
The company keeps 30% of all cryptocurrency mined using Coinhive, legitimate or not, and sends the remaining 70% to the responsible party using a cryptographic key that identifies them.
But according to cybersecurity expert Troy Mursch, if a company complains about an infection to Conhive, the company will do nothing to assist in removing the malware and will simply deactivate the user key and keep 100% of the crypto generated until the complainant successfully deactivates the malware:
“When they ‘terminate’ a key, it just terminates the user on that platform, it doesn’t stop the malicious JavaScript from running, and it just means that particular Coinhive user doesn’t get paid anymore. The code keeps running, and Coinhive gets all of it. Maybe they can’t do anything about it, or maybe they don’t want to. But as long as the code is still on the hacked site, it’s still making them money.”
According to Rajesh Maurya, cryptojacking is “becoming big business” in India, but the implications of cryptojaking on the Internet of Things (IoT) are staggering.
According to The Economic Times, hackers are already cryptojacking on devices connected to the internet such as smart home speakers, which are left on all day with little to do but which have strong processing units attractive to hackers.