Over 4200 US, UK government websites infected with crypto-mining malware

Angelica Greene
February 15, 2018

The NCSC said it has issued an advisory to all its constituents of government departments and agencies, as well as critical national infrastructure providers, "informing them of the issue and outlining a number of mitigation tech steps to prevent similar types of incidents occurring in the future".

Over 4000 websites including several belonging to United Kingdom and U.S. government agencies were found over the weekend to be running hidden crypto-mining malware.

The sites along with about 3500 other sites across the globe many associated with government were primarily hijacked to run the Coinhive crypto-currency mining software according to British security researcher Scott Helme who uncovered the attacks at the weekend.

In a report last month, cybersecurity firm CrowdStrike highlighted the rise of cryptocurrency mining, a relatively new flavor of attack.

Texthelp, the company which makes the plug-in, confirmed that the product was affected for four hours by malicious code created to generate cryptocurrency. Cryptojacking involves a computer being taken over to mine cryptocurrency, such as Bitcoin, which in turn dramatically slows the affected computer and earns far-flung hackers pennies per minute.

The researcher traced the code found in the ICO website to a third-party plugin, Browsealoud, which is meant to assist visually impaired visitors to website domains.

Abbas tells Putin he wants US peace role diluted
Meanwhile in an interview Trump also cast doubt on the Palestinians' desire to strike a deal. This is about our very existence and upholding worldwide law.

Amazon layoffs: Hundreds of job cuts in Seattle, global offices might follow
The cuts in its consumer business are expected to be completed in weeks as the firm shifts resources to other fast-growing areas. The company's global workforce also numbered 566,000 in the same report, a 66 percent increase from the same time previous year .

German Social Democrats shake up leadership, focus on govt
In a cartoon on Tuesday, the Sueddeutsche Zeitung daily showed Ms Nahles with a whip riding an SPD snail. The latest opinion poll of Insa has given the SPD just 16.5 percent of the vote.

Cryptocurrency mining software is not illegal and some websites have begun tinkering with plugins that borrow visitor CPU power to mine virtual currency, potentially as an alternative for advertising.

However, while CDNs and other hosted assets remain vulnerable, Helme says it's actually "pretty easy to defend yourself against this attack." How?

Hackers inserted a script called Coinhive, the makers of Browsealoud, Texthelp, has confirmed. It hides in a website's code and steals the processing power of its visitors' devices to mine cryptocurrency.

The sites were serving the code for at least a few hours on Sunday until Texthelp Ltd., the company behind the plugin, disabled the cryptomining code. No customer data was leaked, the spokesperson added.

The National Cyber Security Centre (NCSC) said it was investigating the incident. Notably, though, they said that "there is nothing to suggest that members of the public are at risk" at this stage. "Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline", he added. "There are easy ways to make sure they don't do that".

Other reports by GizPress

Discuss This Article