Over 5,000 websites across the UK and Australia, including government sites, were cryptojacked to force visitors’ computers to mine cryptocurrency.
More than 5,000 websites, including government portals in the UK and Australia, fell victim to malware that forces visitors’ computers to mine cryptocurrency without their knowledge, various media reported.
The massive cryptojacking was discovered on Sunday, when UK security researcher Scott Helme was notified by a friend. The friend’s anti-virus program had raised an alert about a piece of malware after a visit to the website of the UK Information Commissioner’s Office.
Helme told Sky News:
“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States. Someone just messaged me to say their local government website in Australia is using the software as well.”
Helme’s research showed that UK websites affected by the malware include those of the National Health System, the Northern Powergrid, and the Student Loans Company. In Australia, the Queensland Civil and Administrative Tribunal, the Victorian Parliament, and the Queensland Government’s legislation websites were affected.
The UK’s National Cyber Security Centre issued a comment through its spokesperson:
“NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency. The affected services have been taken offline, largely mitigating the issue. Government websites will continue to operate securely. At this stage, there is nothing to suggest that members of the public are at risk.”
Helme traced the malicious script to BrowseAloud, a website plug-in used to aid people with dyslexia, low vision, or low literacy in accessing the internet. He added that a program called Coinhive was inserted into the BrowseAloud plug-in to quietly mine the open-source digital currency Monero using the processing power of visitors’ computers.
BrowseAloud operator Texthelp quickly took down the website on Sunday after receiving Helme’s alert. Texthelp said it was investigating the matter and described the breach of its system as a “criminal act.”
Texthelp chief technology officer Martin McKay said in a statement:
“Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file, and as a result, the product was taken offline.”
Crypto market at increased risk
The discovery of the latest malicious script follows shortly after the release of the Q4 2017 Cybercrime Report by ThreatMetrix, which said the cryptocurrency market was operating in a landscape of heightened risk.
The San Jose, California-based security technology company noted that the cryptocurrency space can be credited with revolutionizing the financial system, but it is also under growing threat because it brings together features that hackers and cyber fraudsters find highly attractive, including anonymity.
“The ICO’s website will remain closed as we continue to investigate a problem which is thought to involve an issue with the Browsealoud feature.” — ICO (@ICOnews), February 12, 2018