Published: Thu, February 15, 2018
Sci-tech | By Spencer Schmidt

Crypto-Mining Malware Found on 4000+ Sites

Thousands of government websites were hijacked over the weekend by hackers, in a bid to seize control of visitors' computers to mine cryptocurrency.

The ICO said it was aware of the problem and was working to resolve it. After digging for more information, Helme found that every page on the website was compromised by a Coinhive script loaded from a third-party library, not by code hosted by the ICO itself.

UK security researcher Scott Helme and friend Ian Thornton-Trump noticed the ICO website had an illegal cryptominer installed on multiple pages, which appeared to have been inserted into the site's code through an accessibility plug-in called Browsealoud. "A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the U.S.," Helme told Sky News.

Australian government websites using the same plugin were also compromised. The program, made by the British software company Texthelp, is a tool that reads and translates website content for visitors who have dyslexia or are foreign-language speakers.

According to the BBC, the cryptocurrency involved was Monero, a Bitcoin rival created to be untraceable.

However, the National Cyber Security Centre (NCSC) said that the affected services had been taken offline and that there was no indication the public was at risk, The Guardian reports. He said it is a very lucrative proposition because hackers need to infect only one website, and that in turn infects around 5,000.

The malicious code inserted cryptocurrency mining software from Coinhive into the Browsealoud plugin.

Because the malware only runs while someone is actively visiting an infected site, there is no further risk to users' computers, Mr Helme added.

According to NOS, more than a hundred Dutch sites were used to mine Monero, including the websites of Eindhoven and Utrecht's libraries, and the municipal sites of Bergen op Zoom and Wageningen.

Texthelp said it disabled Browsealoud after Helme reported the issue and has commissioned an independent security review into how the attack occurred. "The exploit was active for a period of four hours on Sunday," the company explains. "The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12:00 GMT." Browsealoud maker Texthelp also claims to have detected the malware file modifications and has issued a statement confirming that no customer data was involved in the incident.

The malicious code turns any computer that connects to the infected website into a device that mines or generates a particular cryptocurrency on behalf of those behind the operation.