US-China government site is running cryptocurrency mining malware

The crypto-jacking malware epidemic is far from over – and it appears the latest victim of this growing trend is the website of the US-China Association of Commerce (USCAC).

Security researcher Troy Mursch from Bad Packets Report has found that the USCAC website is infected with a malicious script designed to steal visitors’ computing power to surreptitiously mine cryptocurrency.

For the record, the malicious script found on the USCAC site is more commonly known as Coinhive. This means that whoever sneaked in the script is currently banking on the popular anonymous cryptocurrency Monero.

For safety reasons, we have decided not to link directly to the affected website, as Mursch warns that the page could direct users to “fake tech support scams and other malware downloads.”

The likely reason for this breach is that the USCAC site runs on an outdated version of the Drupal content management system (CMS). Indeed, Mursch emphasizes that the USCAC source code indicates the last time the website got an update was back in December 2011.

For context, USCAC describes itself as a “community of entrepreneurs and professionals” with 300 Western and Chinese associates and numerous business organizations. Its goal is to “enhance accord and understanding” between the American and the Chinese governments.

“Websites that use outdated versions of Drupal (CMS) are highly accessible and can be exploited en masse,” Mursch told Hard Fork. “Unfortunately I’ve found 115,000 Drupal sites that are outdated — some haven’t been updated in many years. So far, we’ve found hundreds of these sites affected by crypto-jacking attacks.”

Indeed, this is not the first government website found to be running cryptocurrency mining malware.

Earlier this year, Mursch published a list of 400 compromised websites that were similarly running outdated Drupal versions. The list of affected pages included government sites of countries like the US, Mexico, Turkey, Peru, South Africa, and Italy; other notable examples included the sites of Chinese giant Lenovo, Taiwanese hardware maker D-Link, and the University of California, Los Angeles (UCLA).

It is decidedly worrying that well-funded institutions like the ones above have failed to adequately update their websites and protect their users against such attacks. But Troy hints that Coinhive might also be partially responsible for the recent rise of crypto-jacking malware.

Mursch told Hard Fork that prior to a report he and fellow researcher Brian Krebs published in March, Coinhive used to “let abuse run rampant” on its platform. “They still do, but at least now they can cut a key off,” he added. Disabling a key essentially means no more mining for the Monero user who owns the key. However, Mursch notes that malicious actors can easily apply again and get a new key – which could turn the matter into a vicious circle.

Mursch told Hard Fork that he has not yet reported the issue to USCAC, pointing out that it is impractical for him to contact the operators of all 115,000 affected websites. Instead, he has been working with the Drupal security team and the US Computer Emergency Response Team (CERT) to spread the word.

Mursch’s advice is for all website operators using Drupal’s content management platform to update to the latest available version as soon as possible.

While Mursch remains worried the crypto-jacking epidemic is here to stay, he advises there are some measures you can take to protect yourself: you can find out more about this here.

Published June 7, 2018 — 10:27 UTC
