Buzz It Up News

Cryptocurrency Mining Malware Targets UK Government Websites

Late past year the first tales of cryptojacking came to light where sites secretly run mining scripts to make cash from visitor CPU time.

According to the BBC, Coinhive had been added to a plug-in made by Texthelp, which helps partially sighted and blind people access the internet.

"If you want to load a crypto miner on 1,000-plus websites you don't attack 1,000-plus websites, you attack the one website that they all load content from", said Helme.

The UK's data protection website is one of many infected by the malware.

TextHelp, which runs the Browsealoud service, is believed to have enacted its cyber-attack action plan after the incident, and is now consulting with an independent agency about a review of its security.

Browsealoud will remain offline until 12 pm on Tuesday.

"We don't know how Texthelp were compromised yet, so it is hard to say whether they were really unlucky or there was some kind of inherent problem with what they were doing".

Back in September 2017, popular magnet and torrent website (TPB) was discovered to be testing a new way to generate revenue that hijacked its visitors' CPU cycles to mine cryptocurrency.

The illicit cryptocurrency mining, known as cryptojacking, took place on more than 4,200 websites on February 11, using a malicious version of a tool called Browsealoud.

The Information Commissioner's Office (ICO) disabled its website over the weekend after it and thousands of other public and private-sector sites were hacked to include malicious Javascript code. This software has frequently breached, and in many cases succeeded in thousands of instances, having now targeted websites within the government itself across the United States and United Kingdom.

However, malware which installs such mining software without consent is fraudulent and can slow down visitor systems when legitimate websites are serving up mining scripts.

Texthelp said in a statement that the compromised plugin has been taken offline, adding that a "thorough investigation" is underway.

On Monday morning, Texthelp took the Browsealoud plug-in offline, which meant that new visitors to the affected sites would no longer load the crypto-jacking script. The Queensland government's legislation website, the Queensland Civil and Administrative Tribunal and the Victorian Parliament were reportedly affected.

A spokesperson from the NCSC said it is "examining data involving incidents of malware being used to illegally mine cryptocurrency". Notably, though, they said that "there is nothing to suggest that members of the public are at risk" at this stage.

Related Articles