Cryptocurrency mining malware hits thousands of websites.
Hackers have injected a notorious malware into thousands of websites which forces the visitors’ computers to mine cryptocurrency, media reports said on Sunday.
The infected websites included both US and UK government sites. Some of the affected sites belonged to United States Courts, National Health Service (NHS), the Student Loans Company and several other central and local government sites.
The attackers hijacked the targeted websites using a process called “cryptojacking” that make infected sites run a program to help them use visitors’ computers to mine cryptocurrencies like Bitcoin and Ethereum.
It was discovered on Sunday that the website of the UK’s Information Commissioner’s Office was infected by the Coinhive in-browser mining (cryptojacking) script, which could use the processing power of any visitor’s computer to mine the digital currency called Monero.
The issue was first noticed by Scott Helme, an IT security consultant, who later discovered that the Coinhive miner was injected in other government sites like uscourts.gov, nhsinform.scot and manchester.gov.uk.
Hackers apparently compromised all of the affected websites by utilizing a popular text-to-speech plugin called BrowseAloud, which helps blind and partially-sighted people access the web. When Helme examined the BrowseAloud script, he found it containing malicious code to inject the Coinhive miner into 4,275 websites.
“If you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the 1 website that they all load content from. In this case, it turned out that Text Help, an assistive technology provider, had been compromised and one of their hosted script files changed,” Helme wrote in an article.
In response to the cyberattack, TextHelp.com, which operates BrowseAloud, took the script down on Sunday and said that an investigation would be conducted.
“A security review will be conducted by an independent security consultancy. The investigation is ongoing, and customers will receive a further update when the security investigated has been completed,” Martin McKay, CTO and Data Security Officer at TextHelp, said.
The UK National Cyber Security Centre (NCSC) also said that its technical experts were examining the cryptojacking incident.
“The affected services have been taken offline, largely mitigating the issue. Government websites will continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk,” a spokesperson for the NCSC said.