Bad actors secretly infected more than 4,000 websites with the script for a crypto-miner after hacking a single technology provider.
The trouble started on 11 February when Ian Thornton-Trump encountered something concerning while visiting the website for the UK Information Commissioner’s Office (ICO).
Just visiting #ICO page this morning and have some concerns. Can someone have a look and see if this is “me” or “them”? I am all for funding the ICO and the work they do; but this may have some GDPR considerations. https://t.co/o0gmvxxxN0
— Ian Thornton-Trump (@phat_hobbit) February 11, 2018
The LinkedIn-shortened URL leads to a post containing a screenshot of the researcher’s visit to the ICO website. Clearly visible at the top right-hand corner of the page is a security warning indicating the presence of a crypto-miner.
Thornton-Trump didn’t believe what he was seeing at first. As he told The State of Security in a DM:
— Scott Helme (@Scott_Helme) February 11, 2018
Helme, an information security consultant, got to work exploring what had caused ICO’s website to load up a crypto-miner. He quickly discovered that the offending script for CoinHive, a popular crypto-miner which Check Point named the “most wanted” malware in December 2017, was not hosted by the ICO. Instead
This is a Security Bloggers Network syndicated blog post authored by David Bisson. Read the original post at: The State of Security