Over 4200 US, UK government websites infected with crypto-mining malware

Angelica Greene
February 15, 2018

The NCSC said it has issued an advisory to all its constituents of government departments and agencies, as well as critical national infrastructure providers, "informing them of the issue and outlining a number of mitigation tech steps to prevent similar types of incidents occurring in the future".

Over 4000 websites including several belonging to United Kingdom and U.S. government agencies were found over the weekend to be running hidden crypto-mining malware.

The sites along with about 3500 other sites across the globe many associated with government were primarily hijacked to run the Coinhive crypto-currency mining software according to British security researcher Scott Helme who uncovered the attacks at the weekend.

In a report last month, cybersecurity firm CrowdStrike highlighted the rise of cryptocurrency mining, a relatively new flavor of attack.

Texthelp, the company which makes the plug-in, confirmed that the product was affected for four hours by malicious code created to generate cryptocurrency. Cryptojacking involves a computer being taken over to mine cryptocurrency, such as Bitcoin, which in turn dramatically slows the affected computer and earns far-flung hackers pennies per minute.

The researcher traced the code found in the ICO website to a third-party plugin, Browsealoud, which is meant to assist visually impaired visitors to website domains.

Philippines imposes 'total ban' on citizens taking up jobs in Kuwait
Just last week, the government confirmed that the body found in a freezer in a vacant apartment in Kuwait was that of a Filipina. An estimated 250,000 Filipinos work in Kuwait, 75 percent of which are domestic helpers.

No increased flu shot demand, despite influenza-related deaths
Hospitalization rates are already approaching total numbers seen at the end of the flu season, which may not be for months. Pediatricians say they're inundated with panicked moms and dads concerned their sick child might have the flu.

Trans-Tasman T20 tri-series
Newcomers Mark Chapman (20) and Tim Seifert (14 not out) provided the late fireworks on their global debuts. Chapman and Seifert scored quick runs.

Cryptocurrency mining software is not illegal and some websites have begun tinkering with plugins that borrow visitor CPU power to mine virtual currency, potentially as an alternative for advertising.

However, while CDNs and other hosted assets remain vulnerable, Helme says it's actually "pretty easy to defend yourself against this attack." How?

Hackers inserted a script called Coinhive, the makers of Browsealoud, Texthelp, has confirmed. It hides in a website's code and steals the processing power of its visitors' devices to mine cryptocurrency.

The sites were serving the code for at least a few hours on Sunday until Texthelp Ltd., the company behind the plugin, disabled the cryptomining code. No customer data was leaked, the spokesperson added.

The National Cyber Security Centre (NCSC) said it was investigating the incident. Notably, though, they said that "there is nothing to suggest that members of the public are at risk" at this stage. "Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline", he added. "There are easy ways to make sure they don't do that".

Other reports by GizPress

Discuss This Article