Over 4200 US, UK government websites infected with crypto-mining malware

Angelica Greene
February 15, 2018

The NCSC said it has issued an advisory to all its constituents of government departments and agencies, as well as critical national infrastructure providers, "informing them of the issue and outlining a number of mitigation tech steps to prevent similar types of incidents occurring in the future".

Over 4000 websites including several belonging to United Kingdom and U.S. government agencies were found over the weekend to be running hidden crypto-mining malware.

The sites along with about 3500 other sites across the globe many associated with government were primarily hijacked to run the Coinhive crypto-currency mining software according to British security researcher Scott Helme who uncovered the attacks at the weekend.

In a report last month, cybersecurity firm CrowdStrike highlighted the rise of cryptocurrency mining, a relatively new flavor of attack.

Texthelp, the company which makes the plug-in, confirmed that the product was affected for four hours by malicious code created to generate cryptocurrency. Cryptojacking involves a computer being taken over to mine cryptocurrency, such as Bitcoin, which in turn dramatically slows the affected computer and earns far-flung hackers pennies per minute.

The researcher traced the code found in the ICO website to a third-party plugin, Browsealoud, which is meant to assist visually impaired visitors to website domains.

Philippines imposes 'total ban' on citizens taking up jobs in Kuwait
Just last week, the government confirmed that the body found in a freezer in a vacant apartment in Kuwait was that of a Filipina. An estimated 250,000 Filipinos work in Kuwait, 75 percent of which are domestic helpers.

German Social Democrats shake up leadership, focus on govt
In a cartoon on Tuesday, the Sueddeutsche Zeitung daily showed Ms Nahles with a whip riding an SPD snail. The latest opinion poll of Insa has given the SPD just 16.5 percent of the vote.

Susan Rice Email Puts Obama in Crosshairs of Muellergate
Then-National Security Adviser Susan Rice is seen on the South Lawn of the White House in Washington on July 7, 2016. The meeting was revealed in an email sent by Rice to herself on Inauguration Day.

Cryptocurrency mining software is not illegal and some websites have begun tinkering with plugins that borrow visitor CPU power to mine virtual currency, potentially as an alternative for advertising.

However, while CDNs and other hosted assets remain vulnerable, Helme says it's actually "pretty easy to defend yourself against this attack." How?

Hackers inserted a script called Coinhive, the makers of Browsealoud, Texthelp, has confirmed. It hides in a website's code and steals the processing power of its visitors' devices to mine cryptocurrency.

The sites were serving the code for at least a few hours on Sunday until Texthelp Ltd., the company behind the plugin, disabled the cryptomining code. No customer data was leaked, the spokesperson added.

The National Cyber Security Centre (NCSC) said it was investigating the incident. Notably, though, they said that "there is nothing to suggest that members of the public are at risk" at this stage. "Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline", he added. "There are easy ways to make sure they don't do that".

Other reports by GizPress

Discuss This Article