Hackers hijack United Kingdom websites to secretly mine cryptocurrency

Share

Over the past few months, websites and servers have been repeated targets of malware that forces web browsers to secretly mine cryptocurrencies while using sites.

The ICO said it was aware of the problem and was working to resolve it.

Government websites in the US, UK and Australia have been serving visitors cryptomining malware after a third-party service was compromised.

Scott Helme, a UK-based security researcher who discovered the malware, said government websites could have done more to prevent the attack.

The good news is the attack took place on Sunday morning and Texthelp has been quick to recognise the issue and take its service temporarily offline to fix it.

More than 4000 Australian and global government websites have been hijacked to run the Coinhive crypto currency mining software after a popular accessibility tool was compromised by attackers. Created by United Kingdom company TextHelp, the plugin enables screen reading software used by people with hearing impairments to navigate the web.

Rather than mining bitcoin, the most well-known cryptocurrency, the hacking software is being used to generate Monero - a rival currency worth around £180 per unit.

The researcher traced the code found in the ICO website to a third-party plugin, Browsealoud, which is meant to assist visually impaired visitors to website domains. At press time, the site was still down, citing "maintenance".


When mining cryptocurrency, the processing power of a computer is used to validate transactions on the cryptocurrency network.

The makers of Browsealoud, Texthelp, confirmed that hackers inserted a script known as Coinhive into their software. They include sites for Queensland government legislation, Queensland Urban Utilities, the Victorian parliament and South Australia's City of Unley, according to iTnews.

The company added that no customer data has been accessed or lost.

"A security review will be conducted by an independent security consultancy", said Martin McKay, Texthelp's data security officer.

"At this stage, there is nothing to suggest that members of the public are at risk".

"The affected services have been taken offline, largely mitigating the issue".

"At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyberattack".

The UK NCSC (National Cyber Security Centre) said: "NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency". "There are easy ways to make sure they don't do that".

Share