Malware secretly mining Monero cryptocurrency on government and university websites


According to a report by a security researcher, Coinhive, a cryptocurrency mining code, was found on many government and university websites. The code is currently running on over 400 websites across the globe, including Lenovo, San Diego Zoo, Office of the Inspector General Equal Employment Opportunity Commission (EEOC) and sites for the University of Aleppo and the UCLA Atmospheric and Oceanic Sciences program.

Most of the affected websites are located in the United States and hosted by Amazon. The compromise is believed to be due to an outdated Drupal version, the report highlighted.

Digging a little deeper into the cryptojacking campaign, I found in both cases that Coinhive was injected via the same method. The malicious code was contained in the “/misc/jquery.once.js?v=1.2” JavaScript library. Soon thereafter, I was notified of additional compromised sites using a different payload. However, all the infected sites pointed to the same domain using the same Coinhive site key.

Once the code was deobfuscated, the reference to “http://vuuwd.com/t.js” was clearly seen. Upon visiting the URL, the ugly truth was revealed. A slightly throttled implementation of Coinhive was found.

The mining code is written in JavaScript and mines the Monero cryptocurrency. Coinhive runs in the background in the visitor's web browser. The code analysis shows it is harmless to the websites themselves; it only forces victims to mine Monero.
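
An added example (not from the report or the original article) of how a site owner might check a served file such as /misc/jquery.once.js for a hidden loader like the one described above: it decodes a few common string encodings, then reports the article's indicators and any URL that only appears after decoding. The encodings handled and the sample inputs are assumptions constructed for illustration; the article does not say how the injected code was obfuscated.

```javascript
// Added example: flag hidden loader references in a served JavaScript file.
// ASSUMPTION: the encodings handled below are common string-hiding tricks;
// the article does not say how the injected code was obfuscated.

// Indicators taken from the article text.
const INDICATORS = ['vuuwd.com', 'coinhive'];
const URL_RE = /https?:\/\/[^\s'"\\)]+/g;

// Undo \xNN, \uNNNN and String.fromCharCode(...) so plain matching works.
function decodeLayers(src) {
  const chr = (_, h) => String.fromCharCode(parseInt(h, 16));
  return src
    .replace(/\\x([0-9a-fA-F]{2})/g, chr)
    .replace(/\\u([0-9a-fA-F]{4})/g, chr)
    .replace(/String\.fromCharCode\(([\d\s,]+)\)/g, (_, list) =>
      list.split(',').map(n => String.fromCharCode(Number(n))).join(''));
}

// Report indicator hits and URLs that become visible only after decoding.
function scanScript(src) {
  const decoded = decodeLayers(src);
  const lower = decoded.toLowerCase();
  const visible = new Set(src.match(URL_RE) || []);
  const hiddenUrls = (decoded.match(URL_RE) || []).filter(u => !visible.has(u));
  const indicators = INDICATORS.filter(i => lower.includes(i));
  return { indicators, hiddenUrls, suspicious: indicators.length + hiddenUrls.length > 0 };
}

// Constructed samples (not the real payload): a clean library stub and the
// same stub with a hex-escaped URL string appended.
const toHex = s => [...s].map(c => '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const CLEAN = '(function($){$.fn.once=function(id,fn){return this;};})(jQuery);';
const TAMPERED = CLEAN + ';var _u="' + toHex('http://vuuwd.com/t.js') + '";';

console.log(scanScript(CLEAN));
console.log(scanScript(TAMPERED));
```

A hit here is a prompt to compare the file against the copy shipped with the installed Drupal release, not proof of compromise on its own.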
