Cryptocurrency Mining Malware Infects Government Websites In Multiple Countries All Across The World


02/13/2018



A malware the forces the computers of visitors to of certain websites to mine cryptocurrencies when the users use the sites has been detected by experts. Thousands of such websites have been identified in the UK that includes ones that are owned the NHS services, the Student Loans Company and a number of English councils.
 
It is also alleged that the website of UK’s data protection watchdog, the Information Commissioner’s Office, had also been infected with the malware and it had to be reportedly taken down late on Sunday.
 
BrowseAloud which is a well known plugin used to aid the blind and partially-sighted users of the web was used to inject the cryptojacking script into the website codes.
 
It is being said that the malware has infected over 5,000 websites. The BrowseAloud plugin appears to have been injected by a software that is called Coinhive. This is a software that secretly makes use of off the computer of a user and uses its processing power to create or mine the open source cryptocurrency Monero.
 
The owner and operator of BrowseAloud - Texthelp, also stopped functioning of its website on Sunday in an effort to vindicate the problem.
 
The National Cyber Security Centre said that apparently there were no proof that would imply that any of the general users of the infected websites are at any risk of the malware attacks and confirmed that investigations were being conducted about the allegations.
 
Following the visit to a UK government website, a friend of Scott Helme, an IT security consultant, found out about the malware when it was detected by its antivirus system and sent a mail about the issue to Helme who later raised an alarm.
 
“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” Helme told Sky News. 
 
“Someone just messaged me to say their local government website in Australia is using the software as well.”
 
A spokesperson for the National Cyber Security Centre said: “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency. 
 
“The affected services has been taken offline, largely mitigating the issue. Government websites will continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”
 
Australian government websites were also alleged to have been hit by cryptojacking malware. The websites included that of the Victorian parliament in a similar manner to those in the U.K.
 
Other Australian websites impacted included the Queensland legislation website, which lists all of the state’s acts and bills, the Queensland Community Legal Centre homepage, the Queensland ombudsman, and the Queensland Civil and Administrative Tribunal.
 
Texthelp said that it was conducting an investigation. “The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency,” the company said.
 
 “The exploit was active for a period of four hours on Sunday. The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12.00 GMT.”
 
(Sourcec:www.theguardian.com)