Categories: CryptocurrencyHacking news

Hackers hijack government websites with cryptocurrency mining malware



Cryptocurrency-mining hackers attack government websites including UK and US

Scott Helme, a UK-based security researcher, discovered that more than 4,200 websites, including several government ones, were infected on Sunday with a virus that helps criminals mine cryptocurrencies.

Apparently, hackers managed to inject Coinhive cryptocurrency-mining code in the U.S. and U.K. government websites that forces web browsers to secretly mine cryptocurrency. As a result, innocent visitors who visited these compromised websites would have their computers and phones commandeered in order to mine cyrptocurrencies for the criminals.

According to reports, websites that were infected with virus include those belonging to the Information Commissioner’s Office (ICO), Student Loans Company and Scottish NHS helpline among others. The list of 4,200-plus affected websites can be found here.

In fact, ICO, the website of UK’s data protection watchdog, was taken offline after they were warned that hackers were taking control of visitors’ computers to mine cryptocurrency. The ICO said: “We are aware of the issue and are working to resolve it.”

Helme said he was informed by a friend who had received a malware warning when he visited UK government site, ico.org.uk. He found that the website was using the Coinhive in-browser mining (cryptojacking) script that caused the visitors machines to use their CPU to mine the digital currency called Monero.

On investigating further, Helme found that several other government websites from various countries such as uscourts.gov, gmc-uk.gov, nhsinform.scot, manchester.gov.uk, and many more too had started injecting a Coinhive miner.

The affected code injected in the above websites was a malicious version of a widely used text-to-speech accessibility script known as Browsealoud, which is used to help blind and partially sighted people access the web, the report says.



British tech company Texthelp, the company which makes the plug-in, confirmed that the Browsealoud script was compromised but no other Texthelp services were affected.

In a statement, Martin McKay, Texthelp’s Chief Technology Officer (CTO), in a statement said the compromise was a criminal act and an investigation is underway.

“Users who visit the hacked sites will immediately have their computers’ processing power hijacked to mine cryptocurrency – potentially netting thousands for those responsible. Government websites continue to operate securely.

“The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency,” it said.

“The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12.00 GMT.

“At this stage there is nothing to suggest that members of the public are at risk.”

Talking about the attack, Helme said, “This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States.

“Someone just messaged me to say their local government website in Australia is using the software as well.”

A spokesperson for the National Cyber Security Centre (NCSC) said: “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.

“The affected services has been taken offline, largely mitigating the issue. Government websites will continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”

Kavita Iyer

An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human

Recent Posts

iOS web attack crashes, causes iPhones or iPads to restart

This new CSS-based web attack can crash and restart iPhones or iPads and can cause a Mac computer to freeze…

14 hours ago

Nvidia GeForce RTX 2080 Ti Release Postponed To September 27th

Nvidia delays the launch date of GeForce RTX 2080 Ti by a week Nvidia has decided to postpone the release…

1 day ago

Samsung’s Galaxy Note 9 catches fire in woman’s purse

Woman sues Samsung over Galaxy Note 9 bursting into flames A woman in Long Island has filed a lawsuit against Samsung after…

2 days ago

North Korean hacker charged for WannaCry and Sony cyberattacks

U.S. charges North Korean hacker for WannaCry, Sony cyber attacks The U.S. government on Thursday charged and sanctioned a North…

2 weeks ago

Google launches ‘Dataset Search’ to help scientists and journalists

Google Dataset Search: This new search engine helps scientists hunt for public data Google on Wednesday launched a new search…

2 weeks ago

Android Q will warn users for running apps made for older Android versions

Android Q will soon warn apps running on Android Lollipop or earlier It’s only been a month since Google has…

2 weeks ago