The Economic Times said on Monday that official government websites in India run crypto mining scripts without the knowledge of their owners.
The websites of the municipal government in Andhra Pradesh state, among others, were infected with cryptomining software such as coinhive, security researchers found. Users visiting these websites will unknowingly mine cryptocurrencies on behalf of hackers who originally had the injected of scripts in websites.
The process is called cryptojacking, because malicious scripts essentially hijack the user’s computer in cryptocurrencies.
According to the report, security researcher Shakil Ahmed, Anish Sharma and Indrajeet Bhuyan discovered the weaknesses, it was found that three sites running cryptojacking malware belong to the ap.gov.in subdomain, which sees 160,000 hits per month.
Bhuyan told the Times that the official website is a popular target for malicious actors. Andhra Pradesh’s IT Secretary did not respond to the comments request by the Times, however, the state’s IT consultant JA Chaudhary said, “Thank you for informing us about AP website hacking,” according to the report, on September 10.
Times noted that, despite accepting cryptojacking malware, websites continued to run the script till September 16.
It is not clear how long every website runs cryptojacking software, or how many cryptocurrencies were mined for the attackers.