Another day, another Monero cryptocurrency miner. This time, the target was the LA Times' The Homicide Report website.
Troy Mursch, a Las Vegas-based security researcher (“Bad Packets” on Twitter), identified that hackers compromised the LA Times website to mine Monero cryptocurrency. The incident took place on February 21st on The Homicide Report, a website run by the LA Times to maintain records of homicides in Los Angeles County within one year.
The researcher found that hackers compromised the domain and inserted CoinHive's Monero JavaScript miner, which used the computing power (CPU) of visitors to mine Monero (XMR) coins without their knowledge or consent.
CoinHive is a company that provides a cryptocurrency miner and sends any coins mined to the browser of the website's owner. Although the mining code provided by CoinHive is legal, users have been found using it illegally, especially by hacking websites like YouTube, BlackBerry, Star
According to Mursch, he identified the presence of the Monero miner on February 9th after analyzing the misconfigured Amazon AWS S3 storage bucket of the LA Times, which allowed anyone with an Internet connection to access the database and manipulate it with the code of their choice.
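An audit for the kind of misconfiguration described above, as an added example that is not from Mursch or the LA Times: it flags S3 ACL grants and bucket-policy statements that let anyone write to a bucket. The article does not say whether an ACL or a policy was at fault, so both are checked; the input shapes follow the AWS `GetBucketAcl` and `GetBucketPolicy` responses, and the function names, bucket name and sample data are constructed.

```python
import fnmatch

# Predefined S3 grantee groups that make an ACL grant public.
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/" + g
                 for g in ("AllUsers", "AuthenticatedUsers")}
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Policy actions that let a caller replace or remove hosted files.
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl")

def as_list(value):
    return value if isinstance(value, list) else [value]

def public_write_acl_grants(acl):
    """Return ACL grants giving write-level access to a public group."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS
            and g.get("Permission") in WRITE_PERMISSIONS]

def is_public_principal(principal):
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in as_list(principal)

def public_write_statements(policy):
    """Return Allow statements letting any principal modify objects.
    Condition, NotAction and NotPrincipal are not evaluated: review hits by hand."""
    hits = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_public_principal(stmt.get("Principal")):
            continue
        patterns = [p.lower() for p in as_list(stmt.get("Action", []))]
        if any(fnmatch.fnmatchcase(a.lower(), p) for a in WRITE_ACTIONS for p in patterns):
            hits.append(stmt)
    return hits

# Constructed sample input (not taken from the LA Times bucket).
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"},
]}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "PublicAll", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:*"], "Resource": "arn:aws:s3:::example-bucket/*"},
]}

if __name__ == "__main__":
    print([g["Permission"] for g in public_write_acl_grants(SAMPLE_ACL)])
    print([s["Sid"] for s in public_write_statements(SAMPLE_POLICY)])
```

Public read on a bucket that serves website assets is expected; it is the write-level findings that allow hosted scripts to be replaced.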
The researcher also noted that hackers intentionally kept the CPU usage of the server as low as possible, allowing them to evade detection by not raising suspicion. This technique was previously used by hackers who compromised Tesla Motors' Amazon cloud server to mine Monero last week.
Mursch reported the incident to the LA Times, but there was no response from the media giant; however, the Monero mining code was removed from the website.
#Coinhive found on @latimes “The Homicide Report”
Luckily this case of #cryptojacking is throttled and won’t murder your CPU.
Using @urlscanio we find Coinhive hiding in:
http://latimes-graphics-media.s3.amazonawscom/js/leaflet.fullscreen-master/Control.FullScreen.js
— Bad Packets Report (@bad_packets) February 21, 2018
Remember, hackers are becoming highly sophisticated and persistent in their attacks; therefore, users should know how to identify and block cryptocurrency miners that use their computing power. Currently, the Opera Mini browser for desktop, Android, and iOS apps blocks cryptocurrency miners.
Users can also install the minerBlock and No Coin extensions from the Chrome Web Store, which were developed to block cryptocurrency mining and cryptojacking. Both extensions are open source and open to the public; users can check out the source code on GitHub.