Government websites in India – ranging from state government-level sites to those of municipal corporations – have fallen victim to crypto-jacking, a form of hacking that uses someone else’s computing power to mine cryptocurrencies for the attacker. According to a report by the Economic Times, the websites of the director of the municipal administration of Andhra Pradesh, the Tirupati Municipal Corporation and the Macherla municipality are among hundreds of Indian websites being used to mine cryptocurrencies for attackers, using the Coinhive script.
Government websites in the country see a lot of traffic from ordinary citizens every day, who are looking for information related to civic amenities or facilities. The report suggests that these sites are infected with a malicious script which loads the mining code onto a visitor’s computer, and then uses that electricity and internet connection to mine for cryptocurrency. Of course, considering that this is being done on the sly, there’s no question of consent by the affected users.
The hackers are said to be using the scripts to mine for Monero, a particular cryptocurrency that is known for its anonymity and difficulty to trace. Furthermore, government websites are being targeted as they offer a fair amount of lay users in the form of traffic, as well as being relatively lax on security. A similar instance was detected earlier this year with the official website of Union Government Minister Ravi Shankar Prasad, which was also being used to mine for Monero.
WATCH: How do cryptocurrencies work?
The report suggests that hundreds of websites are affected by the malware. And while the increase in electricity and internet usage might be miniscule per person, it’s a large-scale security lapse considering how much illicit profit it’s making for the hackers.