14 DAY TRIAL // Even though cryptocurrencies are effectively banned in India after the Supreme Court decided to support the Reserve Bank of India's decision to ban all cryptocurrencies in the country, threat actors still keep going, using government websites as cryptocurrency miners.
High traffic government websites have been used in a cryptojacking campaign which allows bad actors to use the visitors' web browsers to silently mine for Monero coins in the background with the help of a JavaScript-based Coinhive miner script.
The researchers who found the Coinhive-infected websites said that the site of the director of municipal administration of Andhra Pradesh, of the Macherla municipality, and of the Tirupati Municipal Corporation are among the trove of sites used for illegal Monero mining.
Besides the three government websites, 119 other Indian sites have been detected as compromised and working in the shadows for their Coinhive-loving masters.
Despite being alerted of the cryptojacking problem, Indian officials did not fix the issue even after a week
As reported by India Times, the security research team which detected the malicious scripts notified JA Chowdary, IT advisor to the chief minister of Andhra Pradesh and, although receiving an answer acknowledging the issue, the websites were still mining cryptocurrency a week later.
“Cryptojackers who manage to develop and maintain a network of hijacked computer systems are able to generate revenue with a fraction of the effort and attention caused by ransomware,” said Rajesh Maurya, Fortinet's regional VP for India and Saarc.
This is not the first time the Indian government had some of its websites defaced and used as stealthy cryptominers, seeing that no longer than March this year, the site of Union minister Ravi Shankar Prasad was stealthily mining for Monero coins.
Fortinet's VP also stated that cryptojacking is especially popular in India where a lot of Internet users watch TV shows and movies on illegal video-streaming websites that use their computers to mine for cryptocurrency as a hidden form of payment.