LA Times website hacked to mine Monero cryptocurrency

Another day, another Monero cryptocurrency miner – This time, the target was LA times’ The Homicide Report website.

Troy Mursch, a Las Vegas-based security researcher (“Bad Packets” on Twitter) identified that hackers compromised LA Times website to mine Monero cryptocurrency. The incident took place on February 21st on The Homicide Report, a website run by the LA Times to maintain records of homicides in Los Angeles County within one year.

LA Times website hacked to mine Monero cryptocurrency
A screenshot shared by researcher shows Monero cryptocurrency miner using their CPU power.

The researcher found that hackers compromised the domain and inserted a CoinHive’s Monero JavaScript miner which used the computing power (CPU) of visitors to mine Monero (XMR) coins without their knowledge or consent.

CoinHive is a company that provides cryptocurrency miner and sends any coins mined to the browser of the websites’ owner. Although mining codes provided by CoinHive are legal users have been found using them illegally especially by hacking websites like YouTubeBlackBerryStarbucksUS Court, and servers like OracleTesla, and Jenkins etc.

According to Mursch, he identified the presence of Monero miner on February 9th after analyzing the misconfigured Amazon AWS S3 storage bucket of the LA Times which allowed anyone with an Internet connection to access the database and manipulate with the code of their choice.

The researcher also noted that hackers intentionally kept the CPU usage of the server as low as possible allowing them to evade detection by not raising suspicion. This technique was previously used by hackers who compromised Tesla Motors Amazon Cloud server to mine Monero last week.

Mursch reported the incident to LA Times but there was no response from the media giant; however, the Monero mining code was removed from the website.

Remember, hackers are becoming highly sophisticated and persistent in their attacks, therefore, users should be aware of identifying and blocking cryptocurrency miners from using their computing powers. Currently, Opera Mini browser for desktop, Android, and iOS apps blocks cryptocurrency miners.

Users can also install minerBlock and No Coin extensions from Chrome web store developed to block cryptocurrency mining and cryptojacking. Both extensions are open source and open to the public, users can check out the source code on Github here and here.


Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.