tinyfav.com
tinyfav.com April 21, 2018


Australian sites compromised by malware that forces visitors' computers to mine cryptocurrency

15 February 2018, 07:47 | Gina Pena

Government websites fall prey to cryptocurrency mining hijack

Australian sites among thousands hacked to include mining script

A vulnerability associated with the third-party web browser plugin Browsealoud allowed hackers to put the cryptomining code into the source code for the affected websites, according to a United Kingdom -based cybersecurity researcher.

"We would like to reassure our website users that no council data or information has been accessed or compromised during this worldwide cyberattack", he said.

Among those affected are the UK Student Loans Company (SLC), National Health Service (NHS) Scotland, and the Queensland government portal in Australia.

"This is not a particularly new attack and we've known for a long time that CDNs or other hosted assets are a prime target to compromise a single target and then infect potentially many thousands of websites. Someone just messaged me to say their local government website in Australia is using the software as well".

Texthelp, the company which makes the plug-in, confirmed that the product was affected for four hours by malicious code created to generate cryptocurrency.

After a friend's anti-virus program set out an alert on the site of the UK Information Commissioner's Office, Helme found the malicious script and traced it back to its source: Browsealoud.

"At a high-level mining is simply using system resources to solve large mathematical calculations which result in some amount of cryptocurrency being awarded to the solvers", Cisco researchers wrote in a research note.

It's believed that over 5,000 websites have been affected by the malware.

Google unveil test for chats with robots
The app analyzes the text of conversation then generate a contextual response with three suggested replies for the user selection. The request for testing of the new project came from Area 120, a division of Google that works on experimental products.

Korea's Mixed Doubles Curling Team Thrash the US
Canada has made the mixed doubles podium just twice at the world championships, grabbing a silver in 2017 and a bronze in 2009. If China defeats Norway, however, they would force a tiebreak game to be played Sunday morning at 6:05 a.m.

Halfpenny ruled out of England clash in huge blow for Wales
He said that England got there first and there was no downward pressure from Wales . There are a lot of guys in this squad who will go there with a lot of confidence.

Hackers inserted a script called Coinhive, the makers of Browsealoud, Texthelp, has confirmed.

The sites were serving the code for at least a few hours on Sunday until Texthelp Ltd., the company behind the plugin, disabled the cryptomining code.

The code adds a script to web pages that uses a computer's processing power to mine cryptocurrency when people browse the site.

Among the Australian sites affected were the Queensland Government's main legislation site - legislation.qld.gov.au - along with Canberra's defence.gov.au and sites belonging to the Victorian Parliament and South Australia's City of Unley. "This was a criminal act".

"A security review will be conducted by an independent security consultancy", said Martin McKay, Texthelp's data security officer.

A spokesperson from the NCSC said it is "examining data involving incidents of malware being used to illegally mine cryptocurrency".

It said that there are no indications at this stage that members of the public are at risk.

"The affected services have been taken offline, largely mitigating the issue".



Other News

Trending Now

Zuma Calls South African ANC's Push for Him to Resign 'Unfair'
In December previous year , he was replaced by Cyril Ramaphosa as the party president of the African National Congress. ANC Secretary-General Ace Magashule said he expected Zuma to reply to the directive on Wednesday.

Omarosa Says She Was 'Haunted By Tweets' In Trump's White Home
A couple of Twitter users said that Manigault faked the injury to get a break and rest that isn't easily available in the house. Ever since the show started, Omarosa has been making headlines with her statements about the Trump administration.

Sale of Canadian helicopters to Philippine military prompts human-rights concerns
Filipino officials have said the country would buy the aircraft from another source if Canada did not follow through on the deal. Trudeau, who raised human rights concerns to President Rodrigo Duterte past year , replied: "Absolutely".

These Photos Were Snapped by the Farthest-Ever Cameras from Earth
Now, NASA's New Horizons spacecraft has broken that record with several new photos. Andy Cheng, with the Johns Hopkins Applied Physics Laboratory in Laurel.

Prince Harry & Meghan Markle Attend Event To End Homelessness In Edinburgh
They shook many hands along the way, and most gave their well-wishes for a happy wedding. They are the latest in a string of high- profile visitors to Social Bite premises.

Major assault launched against IS in Egypt
IS started to scale up its attacks in Sinai from September 2017 onwards, as it started losing territory in Iraq and Syria. Last year, militants attacked a Sufi mosque in the region, killing 311 worshipers.

Kuwait pledges $2bn for Iraq reconstruction
The package will be structured so that the initial amount could rise to as much as $5 billion over several years. Iranian-backed Shiite militias also participated in the operation, fighting in the villages around the city.

Trump Gets Best Approval Rating In 7 Months
President Donald Trump's approval rating is at its highest mark in seven months, according to the latest Quinnipiac poll. Trump's approval rating is at 48 percent, statistically tied with his disapproval rating of 50 percent.

Russian Federation intends to keep meddling in United States elections — Intelligence Chiefs
Sometimes Trump and the White House accept the dangers the intelligence community says are facing American elections. He criticized Trump for not issuing more sanctions against Russian Federation in response to the meddling.

Giants denied permission to interview Vikings' Stefanski
Shurmur intends to call plays in NY , much like he did for most of the past two seasons in Minnesota. There are few coaches in the league more equipped to deal with that kind of situation than Shurmur.