LA Times falls victim to cryptojacking: friendly warning revealed
Cryptocurrency-related hacking is all the rage these days. It’s like a gold rush, except instead of marauders, we now have hackers that mine coins using unwitting victims’ systems.
This time, the Los Angeles Times got hit by an attack in which its Amazon S3 bucket (a platform used to store data) was hijacked with code from the infamous CoinHive platform.
In theory, CoinHive is used to allow websites to mine Monero from their visitors’ CPUs to generate passive income as an alternative to advertising.
However, some hackers have used this as a means to hijack web servers and transform them into mining mills that send cryptocurrency directly to their own wallets.
Although it is usually easy to spot a CoinHive script on a website, such wasn’t the case with the LA Times.
The hacker obfuscated the code to make it look like a bunch of gibberish inside the page source.
Whoever it was managed to infiltrate the newspaper’s Amazon S3 bucket because it had been accidentally configured so that anyone who gained access could write to it.
The person behind the attack was even kind enough to leave a note:
“Hello. This is a friendly warning that your Amazon AWS S3 bucket settings are wrong. Anyone can write to this bucket. Please fix this before a bad guy finds it.”
Although CoinHive is often associated with malicious activities such as cryptojacking, it is sometimes used as a legitimate alternative to ads.
Salon, for example, recently implemented the script to offer a choice to readers who use Adblock on its site.
Instead of simply begging them to turn it off as most sites do, the publication gives them the choice to mine Monero for it while reading it for free.
After clicking on the cryptocurrency mining option, readers get a notification asking them whether they allow Salon to use their computer resources to perform calculations.