February 21 (Wednesday), 2018
The Los Angeles Times is reportedly one of a large group of websites that were affected by the unauthorized injection of a cryptocurrency-mining script.
Up until a few days ago, thousands of websites around the world – from the United Kingdom’s National Health Service to the United States’ court information portal (uscourts.gov) – had been secretly mining cryptocurrency using the CPU resources of their visitors’ computers.
The affected sites were all found to be using a plugin called BrowseAloud, which reads webpages aloud for blind or partially sighted people.
Hackers are being blamed for altering BrowseAloud’s source code in order to silently inject a Monero miner into every webpage offering BrowseAloud. Monero is a privacy-focused cryptocurrency that’s distinct from Bitcoin. Many coiners prefer to mine Monero (XMR) because, unlike Bitcoin (BTC), which is now only worth mining on expensive specialized equipment, XMR can still be mined on a regular computer.
Upon being informed of the situation, the cryptomining facilitator Coinhive immediately terminated the account associated with the BrowseAloud malware incident.
Hackers did not need direct access to the L.A. Times website in order to serve up the script. It is likely that the website was using a third-party plugin that was compromised and used by bad actors to inject the code used for Monero mining.
In fact, later today, The Register reported that The Times’ IT staffers had left at least one of their Amazon Web Services (AWS) S3 cloud storage buckets wide open for anyone on the internet to change, update and tamper with.
* As of Wednesday evening, the script seems to have been removed from the L.A. Times website.
Other websites such as Salon have been offering their visitors the option to donate their CPU power in lieu of seeing ads.