Reply to thread

Message: [QUOTE="Hubert Kaluzny, post: 558"] The Government of [URL='https://en.wikipedia.org/wiki/Eswatini']Eswatini’s[/URL] website, [ICODE]www.gov.sz[/ICODE], is running a [URL='https://www.netcraft.com/apps/help/glossary/#crypto-miners']cryptojacker[/URL]. Cryptojackers use website visitors' CPU power to mine cryptocurrency, most often without their knowledge or permission. Data from archive.org suggests the JavaScript snippet was added to the site’s HTML source between [URL='https://web.archive.org/web/20210928224614/http://www.gov.sz/']28th September[/URL] and [URL='https://web.archive.org/web/20211006103006/http://www.gov.sz/']6th October[/URL]. [IMG alt="Image of a cryptojacker injection on the Eswatini Government website."]https://news.netcraft.com/images/2021/10/eswatini-cryptojacker-injection.png[/IMG] WebMinePool cryptojacker injection on [ICODE]www.gov[.]sz[/ICODE]. While sites that are kept open for long periods of time are often the most lucrative – the longer the victim’s browser tab is open, the more cryptocurrency can be mined — criminals are typically not fussy when deploying cryptojackers. Criminals can target large swathes of sites at once, including those using vulnerable or out-of-date software, compromised third-party JavaScript, or with easily guessable administrator credentials. The cryptojacker on [ICODE]www.gov.sz[/ICODE] is using the WebMinePool pooling service with the identification key [ICODE]SK_zn6mjzLqJtqExdND4BJr8[/ICODE]. A pooling service allows multiple miners to work together to solve computational puzzles to have a greater chance of solving them. Any reward for solving the puzzle is then split amongst the participants. Not all use of web-based cryptocurrency miners is illicit — UNICEF Australia was using [URL='https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/']Coinhive[/URL], a pool that shut down in 2018, for their [URL='https://news.yahoo.com/unicef-hope-page-mines-cryptocurrency-194753409.html']Hope Page[/URL] project after gaining user consent. Eswatini’s official website is not the only government site compromised. Netcraft has detected cryptojacking and other malicious infections on plenty of other sites on government second-level domains including those of Mexico, Brazil, and Indonesia. [IMG alt="Image of a web injection on the Guam Government's website.'s website."]https://news.netcraft.com/images/2021/10/guam-government-webinject.png[/IMG] A web injection on Guam’s [ICODE]gec.guam[.]gov[/ICODE] site. A script from the [ICODE]driverfortnigtly[.]ga[/ICODE] domain is currently referenced on the Guam Election Commission’s website. The domain is now defunct and was previously used for [URL='https://twitter.com/unmaskparasites/status/1394487078952398848']redirecting visitors to other sites[/URL]. Netcraft provides anti-cybercrime services to seven governments. To protect domestic internet users we regularly scan and detect web servers that have been compromised and infected with malicious content. Netcraft’s [URL='https://www.netcraft.com/apps/browser/']browser extension[/URL] and [URL='https://www.netcraft.com/apps/mobile/']mobile apps[/URL] defend against non-consensual cryptojackers alongside other JavaScript-borne threats, phishing/malware, fake shops, and other types of cybercrime. [/QUOTE]

Verification

Top Bottom

Search

Search

Reply to thread