Hackers hijack gov-run websites to mine Monero cryptocurrency

At least 4,200 websites were affected by cryptocurrency mining software on Sunday, February 11, after a browser plugin used on those sites was apparently hacked to generate cryptocurrency for the hacker.

"We would like to reassure our website users that no council data or information has been accessed or compromised during this worldwide cyberattack", he said.

Among the government websites affected by the attack were those belonging to the National Health Service in the U.K., The Parliament of Victoria in Australia, and the United States Courts.

The hijacking script uses Coinhive, a popular mining script that is not itself meant to be malicious, at least according to its creators, but that has gained a reputation for being used in these types of attacks, often referred to as cryptojacking. The malware reached the websites through the code of BrowseAloud, a plugin that helps blind and partially sighted people use the internet.

After a friend's anti-virus program raised an alert on the site of the UK Information Commissioner's Office, Helme found the malicious script and traced it back to its source: Browsealoud.

The code caused the systems of users visiting the sites affected to contribute processing power to a cryptocurrency mining scheme, a researcher said.

While currency miners are more of a nuisance than a threat, simply drawing on users' processing power, Helme said the hackers could have implanted more risky code if they had chosen to do so.

Coinhive's script was able to run across all of these sites thanks to a piece of software called BrowseAloud. "In this case it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed". "The sheer number of sites affected by this is huge and some of them are really prominent government websites".

Commenting on the breach, Martin McKay, CTO and data security officer at the firm, said: "In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year".

Browsealoud operator Texthelp said it had taken the tool offline as soon as one of its automated scans discovered the modified file.

Helme found that the Browsealoud library was updated to include the cryptocurrency miner at around 3am GMT on Sunday, and the malware appears to have been served to website visitors during a four-hour period that day.

An investigation to try and uncover the perpetrator is now underway and technical experts are examining data from the incident, said a spokesperson for the National Cyber Security Centre in a statement.
