Government Sites in India Among Prime Targets for Cryptojacking, Research Shows

Official government websites have become a prime target for cryptojacking in India, The Economic Times (ET) reports today, September 17.

Cryptojacking is the practice of infecting a target with malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

New research from cybersecurity analysts reportedly reveals that widely trusted government websites – including those of the director of the municipal administration of Andhra Pradesh, Tirupati Municipal Corporation and Macherla municipality – have become the latest to be exploited by the practice.

Security Researcher Indrajeet Bhuyan told ET that:

“Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them. Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”

According to the Times, Guwahati-based security researchers Shakil Ahmed, Anish Sarma and Bhuyan were the first to identify vulnerabilities on the AP government websites, all of which are subdomains of the extremely popular ap.gov.in – which is reported to receive over 160,000 visits per month.

According to the ET, crytojacking appears rife on enterprise as well as government systems, with PublicWWW listing over 119 Indian websites that run Coinhive code – a script created to mine Monero (XMR) via a web browser.

ET cites a recent Fortinet report that suggests cryptojacking has more than doubled between 2017 Q4 and 2018 Q1, with the percentage of affected enterprises rising from 13 to 28 percent.

Fortinet’s Rajesh Maurya told ET that cryptojacking generates revenue “with a fraction of the effort and attention caused by ransomware,” noting that illegal video-streaming websites are a particularly lucrative target, as the script can make use of multiple CPU cycles to mine crypto as users watch movies or TV series.

ET further reports that internet of things (IoT) products are considered by security experts to be “the next frontier” for cryptojackers, given that such devices have high processing power and yet may be idle for much of the day. ET’s search on IoT-focused search engine Shodan.io found that over 13,500 home routers in India were infected by cryptojacking malware – a figure that was only outflanked globally by Brazil.

As previously reported, a research this summer from cyber security firm McAfee Labs revealed that cryptojacking malware activity had risen a staggering 629 percent in 2018 Q1.

Botnet Exploits SQL Servers to Install Crypto Mining App   June 10, 2020
French Police Shut Down 850,000 Computer Botnet Used for Cryptojacking   Aug. 28, 2019
Researchers Find Monero Mining Malware That Hides From Task Manager   Aug. 14, 2019
Trend Micro: BlackSquid Malware Infects Servers to Install Monero Cryptojacking Software   June 4, 2019
'Infect and Collect': Cryptojacking Up 629% in Q1 2018, Says McAfee Report   June 29, 2018