Hackers hijack government websites with cryptocurrency mining malware

Cryptocurrency-mining hackers attack government websites, including ones in the UK and US

Scott Helme, a UK-based security researcher, discovered that more than 4,200 websites, including several government ones, were infected on Sunday with a virus that helps criminals mine cryptocurrencies.

Apparently, hackers managed to inject Coinhive cryptocurrency-mining code into the U.S. and U.K. government websites, forcing visitors' web browsers to secretly mine cryptocurrency. As a result, innocent visitors to these compromised websites would have their computers and phones commandeered to mine cryptocurrencies for the criminals.

According to reports, websites that were infected with the virus include those belonging to the Information Commissioner’s Office (ICO), Student Loans Company and Scottish NHS helpline among others. The list of 4,200-plus affected websites can be found here.

In fact, the website of the ICO, the UK’s data protection watchdog, was taken offline after the organisation was warned that hackers were taking control of visitors’ computers to mine cryptocurrency. The ICO said: “We are aware of the issue and are working to resolve it.”

Helme said he was informed by a friend who had received a malware warning when he visited the UK government site ico.org.uk. He found that the website was using the Coinhive in-browser mining (cryptojacking) script, which caused visitors' machines to use their CPU to mine the digital currency called Monero.

On investigating further, Helme found that several other government websites from various countries, such as uscourts.gov, gmc-uk.gov, nhsinform.scot, manchester.gov.uk, and many more, had also started injecting a Coinhive miner.

The code injected into the above websites was a malicious version of a widely used text-to-speech accessibility script known as Browsealoud, which is used to help blind and partially sighted people access the web, the report says.

British tech company Texthelp, the company which makes the plug-in, confirmed that the Browsealoud script was compromised but no other Texthelp services were affected.

In a statement, Martin McKay, Texthelp’s Chief Technology Officer (CTO), said the compromise was a criminal act and an investigation is underway.

“Users who visit the hacked sites will immediately have their computers’ processing power hijacked to mine cryptocurrency – potentially netting thousands for those responsible. Government websites continue to operate securely.

“The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency,” it said.

“The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12.00 GMT.

“At this stage there is nothing to suggest that members of the public are at risk.”

Talking about the attack, Helme said, “This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States.

“Someone just messaged me to say their local government website in Australia is using the software as well.”

A spokesperson for the National Cyber Security Centre (NCSC) said: “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.

“The affected service has been taken offline, largely mitigating the issue. Government websites will continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”

Kavita Iyer