Coinhive on computers, malware at telegram: vulnerabilities to the mining used
in the first days of February were around 4,000 State Web pages of the United States and the United Kingdom about the alienated WordPress extension  browsealoud infected . The infestation with the Monero- mining software Coinhive the British security researcher Scott discovered helmets . In addition, there is a new security bug at the telegram Messenger which is also used by malware of the unwanted mining .
Texthelp the commercial software the eponymous company posts translated automatically, to read them to the visitors of a website in different languages. Using the plug-in the browsealoud you can make available the software in all WordPress blogs. The cyber criminals have changed only a tiny script called ba.js to the mining malicious software from Coinhive to install on the Web logs. The text-to-speech software and plug ins running on countless Government websites, what has made the work of cybercriminals easy. In addition, such mining software only worth if the infected pages, enough visitors are online. The hackers were so very picky when choosing their victims.
The British security researcher Scott helmets has noticed the infection and about having regard to various operators via Twitter. The manufacturer of texthelp browsealoud taken the WordPress extension on February 11 from the mains to protect the user from further damage. Who wants to protect themselves against such malicious programs that can do this with one of the many mining detectors or-Blockern, which are available in the chrome Web store and to the add-on page of Mozilla . Also, run any scripts which Cybercriminals have a chance more to the mining stops NoScript .
Crypto-mining: Kaspersky Lab discovers new vulnerability in telegram currently also a previously unknown security hole in the desktop app of the Messenger service telegram worries
. Either the computer is prepared for a later acquisition of cyber criminals or just infected with various malware. Since Messenger are increasingly popular, they also become a popular target for hackers. In addition to conventional malware and spyware, also optional mining software for locally, Zcash or Fantomcoin on the infected machine is played by telegram of the vulnerability. Users should, animate through their Messenger to download infected files and display the essential images, making the acquisition of computer begins. The zero-day vulnerability is based on the Unicode RLO method (right-to-left override) and can be used according to Kaspersky Lab on Mac OS X and Windows PCs. The manufacturer of telegram was set over the weakness in knowledge. Since then it has more according to Kaspersky Lab no further infections.
Who wants to go to play it safe, to accept in principle no files of unknown chat partners via telegram. For example, displaying images or PDF documents is especially critical, as in the acquisition of the computer. First evidence in the investigation of malicious software have a Russian background of cybercriminals.