dark web hackers across the globe, mining virtual currency secretly, and particularly Monero.
Monero has become one of the popular cryptocurrency recently especially on the ‘dark web’– a section of the internet that can only be accessed using a special browser which is capable of anonymizing your browsing location as well as identity. Dark web criminals are taking advantage of this anonymity by trading illegal commodities, substances and services using virtual currencies.
4,275 websites including those in the U.K., the U.S., Ireland, Australian and Canada with government websites with hundreds of thousands of visitors were hacked in less than a period of four hours and unwittingly mined for cryptocurrency exploiting a security breach. Some of the compromised websites include the United States courts online portal, the United States Information Commissioner Office; the National Health Service in the United Kingdom and the Victorian Parliament website in Australia. The attack by a cryptojacking code hit common websites which had the text-to-speech accessibility script Browsealoud for the visually impaired from Texthelp company.
Recently, Monero has grown in popularity with a market capitalization of $4 billion. Its privacy feature has contributed to its momentum on the dark web making it harder to track compared to bitcoin.
The prices of virtual currency in the market skyrocketed recently and as a scheme that has drawn the attention of criminals. Cybercrimes increased especially on cryptocurrency as criminals tried to cash in on the skyrocketing crypto prices. The cybercrime industry is recently believed to be overtaking the illegal drug trafficking industry in terms of revenue and hence attracting criminals.
The hacking process involved insertion of a malicious code that takes over a portion of a victim’s computer and central processing. Therefore the hacker has the ability of opening a website using a browser in order to mine virtual currency.
The process of mining digital coins requiring less processing power such as Monero is much easier compared to mining bitcoin from websites as it requires powerful specialized computers and software, making Monero mining a better fit for saving on time and energy, making it a very attractive option to criminals.
The dark web hackers had an easier time as they did not compromise each of the 4,275 websites at once, but rather hacked a globally-used plugin named ‘Browsealoud’ which is capable of reading out text from websites for the blind.
After the Browsealoud code was hacked, CoinHive’s Monero miner was silently and secretly injected. Thereafter, any website using the Browsealoud plugin was automatically compromised.
However the cyber-attack was deemed successful as there were basic regulatory measures and requirements over accessibility of some of these government websites that have not been met.