
Hackers have found a way to exploit Indian government websites in order to make a fortune from mining cryptocurrency through the use of a cyberattack called cryptojacking. Recently, a team of security researchers from Guwahati, in northeast India, found that municipal government websites in the southern state of Andhra Pradesh, along with hundreds of other Indian websites, were affected by crypto mining malware.

"Cryptojacking is a serious issue and these days a lot of hackers are moving from defacement to cryptojacking," Indrajeet Bhuyan, one of the security researchers involved in the findings, said in a Twitter post. "Government websites in the country are inadvertently helping hackers make magic internet money off of their websites," he told Indian daily the Economic Times on Monday.

Cryptojacking has become an increasingly popular way for hackers to gain unauthorized access to personal computers for mining cryptocurrencies. Hackers get users to click on malicious links, usually sent through emails, that load crypto mining code on the computer. Sometimes, hackers infect a website with JavaScript code that can mine cryptocurrencies from visitors’ computers.

"Hackers target government websites for mining cryptocurrency because those websites get high traffic and most people trust them. Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting crypto jackers is more fashionable as the hacker can make money," Bhuyan told the Economic Times.

Along with security researchers Shakil Ahmed and Anisha Sarma, Bhuyan first discovered vulnerabilities on the government websites, finding three websites running cryptojacking malware that belonged to the Andhra Pradesh state portal's subdomain, which sees approximately 160,000 hits every month.

The Economic Times reached out to J.A. Chowdary, IT advisor to the chief minister of Andhra Pradesh, on Sept. 10 to caution him about the malware. He replied, "Thanks for notifying us about the AP [Andhra Pradesh] website hacking."

Despite that acknowledgment, the websites continued to run the scripts as of Sept. 16, the newspaper noted. It is unclear how long each website ran cryptojacking software, or which cryptocurrency and what amount was mined.

Besides government websites, the malware has been spreading and affecting enterprise systems as well. PublicWWW (a search engine for source code) lists over 119 Indian websites that run the Coinhive script, a program to mine cryptocurrencies.

"Bhuyan and his team ran a software script or code on the homepages of over 4,000 websites from the goidirectory [Government of India Web Directory] to identify cryptojacking scripts. Many of them had been taken down without him reaching out to them," the Economic Times reported.
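
A minimal sketch of the kind of homepage scan described above, as an added example that is not the researchers' own script: it looks for references to the Coinhive loader inside `<script>` tags only. The host names, the sample pages and the site-key placeholder are constructed for illustration.

```python
from html.parser import HTMLParser

# Coinhive loader file name and API object, matched case-insensitively.
INDICATORS = ("coinhive.min.js", "coinhive.anonymous")

# Constructed sample homepages (hypothetical hosts), embedded so the scan runs offline.
PAGES = {
    "clean.example": '<html><script src="/js/jquery.min.js"></script>'
                     "<p>Report on coinhive.min.js</p></html>",
    "infected.example": '<html><script src="https://coinhive.com/lib/coinhive.min.js">'
                        "</script><script>var m = new CoinHive.Anonymous("
                        "'SITE_KEY_PLACEHOLDER');</script></html>",
}


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies, ignoring page text."""

    def __init__(self):
        super().__init__()
        self.found = []          # list of (kind, text) pairs
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.found.append(("src", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.found.append(("inline", data))


def find_miner_indicators(html):
    """Return (kind, indicator) pairs for miner references inside script tags."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return [(kind, ind) for kind, text in parser.found
            for ind in INDICATORS if ind in text.lower()]


def scan(pages):
    """Map each flagged host to its hits; clean hosts are omitted."""
    results = {host: find_miner_indicators(html) for host, html in pages.items()}
    return {host: hits for host, hits in results.items() if hits}
```

Fixed-string matching like this only catches miners loaded under their original names; renamed, self-hosted or obfuscated copies need other signals.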

Coinhive is one of the most popular cryptocurrency mining services and it is turning out to be profitable for miners, including hackers. In May, security researcher Troy Mursch published a report detailing how Coinhive was attaching itself to unsuspecting sites around the web. The researcher detected the Coinhive code running on nearly 400 websites, including those belonging to the San Diego Zoo, Lenovo, and the U.S. National Labor Relations Board.

Another insight was presented in the Trend Micro midyear roundup report titled “Unseen Threats, Imminent Losses”. This report, released in August, said the methods hackers use to profit from device owners have shifted from ubiquitous, highly visible malware attacks to the relatively silent but no less devastating deployment of cryptojacking.

The security researchers say the estimated revenue generated through cryptojacking depends on the audience, the number of systems compromised and how long people stay on a website. The more time visitors spend on the site, the more CPU cycles can be borrowed to mine cryptocurrencies.

"Crypto mining activity is becoming a very big business in India. This technology is most effective on illegal video-streaming websites where people stay for hours watching movies or TV series," Rajesh Maurya, regional vice-president for India-SAARC at cybersecurity company Fortinet, said.

In March, the website of Indian Union Minister for Information Technology, Ravi Shankar Prasad, was hacked by cryptojackers to mine the cryptocurrency Monero. The website was subsequently fixed.