SWITCH Security-Blog

SWITCH-CERT IT-Security Blog

1 Comment

Money for Nothing and Coins for Free

Beginning in mid-September 2017, we started seeing a new abuse scheme on .ch and .li domains. The websites in question were running on outdated software and inevitably, hackers exploited some well-known vulnerability in order to inject malicious code. At this point we would usually expect an exploit kit in the website’s content with the purpose of infecting the victim’s machine with malware. In these cases however, the Javascript inject often looked somewhat like the following:

This code is designed to run in the background of the victim’s browser and immediately starts an endless loop of intensive computations at full pace, effectively turning the browser into a hash-crunching mule for the sake of distributed mining of cryptocoins, with profits going directly to the hacker.

Continue reading


The September 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Bug bounties and the Cyber Grand Challenge
  • Pegasus spies on Apple devices, QuadRooter threatens Android
  • A USD 22 billion investment pays off – WhatsApp shares phone numbers with Facebook
  • Now you see them, now you don’t – another multi-million-dollar Bitcoin theft
  • DiskFiltration and Fansmitter attempt to bridge the air gap

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.