Crypto Mining Malware Infects Hundreds of Indian Government Websites

There has been a rising number of cryptojacking incidents in India in recent months, as hackers target hundreds of the country’s government websites, compromising their security by injecting malware used for illicit crypto mining.

For a long time, the Indian government has had a tumultuous relationship with the crypto industry. At present, the country’s Supreme Court is in the process of ruling on an ongoing legal dispute between the Reserve Bank of India (RBI) and a number of domestic crypto exchanges, a case stemming from the central bank’s previous crackdown, which ordered all Indian banks and financial institutions to withhold banking services from crypto exchanges and individual traders.

Ironically, the very government that has taken a hard stance against the crypto industry has now become an unknowing participant in the activities it is attempting to curb, as hundreds of Indian government websites have recently been discovered to be illicitly mining cryptocurrencies.

News of the clandestine crypto mining operation first emerged when three Indian security researchers, Shakil Ahmed, Anish Sarma, and Indrajeet Bhuyan, combed through hundreds of official government websites and discovered cryptojacking malware that had been leeching off the sites to mine cryptocurrencies.

As Bhuyan noted:

“Hackers target government websites for mining cryptocurrency because those websites get high traffic and mostly people trust them. Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”

As the researchers indicated, AP government websites are among those with the highest traffic, receiving over 1.6 million visitors on average each month.

While the Indian government’s chief minister has since been promptly notified of the system breach, the websites continue to run the malware a week after it was first detected.

As further detailed in the research findings, it was not only official government websites that had been infected with crypto malware: over 119 public websites had also been breached, with Coinhive, malware commonly used for mining Monero, being the popular choice among cryptojackers.

Cryptojacking has become so pervasive in the country that India now ranks second among the countries with the most internet-connected devices exploited for unauthorized crypto mining operations, trailing Brazil by only a small margin.

As cybersecurity firm Fortinet’s regional VP Rajesh Maurya recently stated:

“Crypto mining activity is becoming a very big business in India. This technology is most effective on illegal video-streaming websites where people stay for hours watching movies or TV series.”

A recently published report by Fortinet indicated that cryptojacking appeared to be a rapidly growing enterprise: over 13 percent of all organizations were found to be running cryptojacking malware during the fourth quarter of 2013. This figure has since escalated to more than 28 percent during the first quarter of this year.