Cryptocurrency Miners Hacks Indian Government Websites

While the Indian Government’s sternly maintains its aversion to cryptocurrency, hackers have managed to make fortuned off various government websites. According to an analysis by security researchers, hundreds of Indian websites including Government websites such as municipal administration of Andhra Pradesh, Macherla municipality and Tirupati Municipal Corporation are being used to mine cryptocurrencies.

This all is done with the help of a  malware, known as cryptojacking, which allows unauthorized use of someone else’s computer to mine cryptocurrencies. The innocent victims are either lured into click on a malicious link in an email that loads crypto mining code on their computer or a website is infected with JavaScript code that mines cryptocurrencies using up a visitor’s computing power without consent.

A security researcher Indrajeet Bhuyan told Economic Times:

“Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them. Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.” 

A  team of Guwahati-based security researchers Shakil Ahmed, Anisha Sarma, and Bhuyan first discovered the suspicious activity on the AP government websites. The three websites in question are subdomains of ap.gov.in, which is amongst the most popular websites globally with over 1,60,000 visits per month.

The malware that mines cryptocurrencies have been targeting enterprise systems as well. Over 119 Indian websites are listed on PublicWWW that run coinhive script.

As per a recent Fortinet report, cryptojacking has been growing in terms of impact, in Q4 of 2017 it affected 13% of all organizations and in Q1 of 2018, the percentage rose up to 28%,  more than doubling its footprint.

The malware affected the official website of Union minister Ravi Shankar Prasad in March. Cryptocurrency Monero was being mined, the website was later fixed FactorDaily.

Coinhive is amongst the most popular cryptocurrency mining service. The website is bugged with a   small chunk of the code, which uses the computing power of any browser that visits the site to mine bits of the Monero cryptocurrency. Rajesh Maurya, regional vice-president, India and Saarc, Fortinet said:

“Cryptojackers who manage to develop and maintain a network of hijacked computer systems are able to generate revenue with a fraction of the effort and attention caused by ransomware.” 

While another common malware, ransomware, which block access to the computer until a ransom is paid, is dependant on discovery. The success of cryptomining attack is their anonymity.  As long as they are not caught, they can hash your system’s power.

According to experts, the revenue generated via the malware depends upon the audience, the number of systems compromised and how long people stay on a website. The more time spent while surfing on the site, the more CPU cycles that can be borrowed to mine cryptocurrencies.  Maurya adds:

“Crypto mining activity is becoming a very big business in India. This technology is most effective on illegal video-streaming websites where people stay for hours watching movies or TV series.”

Furthermore, Maurya notes that the next target for cryptojacking is the internet of things (IoT) products. Devices that might not be used all day but have high processing power are being leveraged to mine cryptocurrencies, such as home smart speakers. According to data on Shodan.io, the search engine for internet-connected devices, India is ranked second after Brazil with over 13,500 home routers affected by cryptojacking software.

Source: Economic Times