Security researchers found that hackers stole the processing power of several Indian government websites to mine cryptocurrencies.
Citizen portals such as that of the municipal administration of Andhra Pradesh (AP), Tirupati Municipal Corporation and Macherla municipality are among the hundreds of Indian websites that are found to be infected by cryptojacking malware. Cryptojacking, as the term indicates, allows hackers to access victims’ computers for the sole purpose of mining cryptocurrencies. Hackers do this by fooling victims into clicking malicious links on emails, or by infecting websites with JavaScript code by loading it into the victims’ browsers.
“Hackers target government websites for mining cryptocurrency because those websites get high traffic and most people trust them,” – Indrajeet Bhuyan, one of the security researchers, stated. – “Earlier, we saw a lot of government websites getting defaced. Now, injecting crypto-jackers is more fashionable as the hacker can make money.”
An effort from Indian media to speak to JA Chowdary, the IT advisor to AP’s Chief Minister, yielded a one-liner response from him.
“Thanks for notifying us about the AP website hacking,” – he said.
Despite acknowledging the cryptojacking malware, the websites continued to run the scripts as of September 16.