UK government websites infected by cryptocurrency miners

null

In an attempt to mine cryptocurrency, hackers have injected malicious code into a website plug-in that has affected over 4,000 websites including the Information Commissioner's Office (ICO) and other government sites. 

The malicious code was discovered by security researcher Scott Helme after a friend informed him that he had received a malware warning after visiting the ICO website.    

Upon further examination, he realised that the Browsealoud website plug-in, which helps the blind and partially sighted access the Internet, was responsible for the warning. 

The company that makes the plug-in, Texthelp did confirm that for a period of four hours its product had been affected by malicious code designed to mine for cryptocurrency.  In this case, the plug-in had been hijacked to mine for Monero which has grown popular amongst hackers since its transactions are almost untraceable. 

By adding the program Coinhive to the plug-in, the hackers were able to take over users' computers to mine for Monero and once the initial systems were infected, thousands of other websites that supported Browsealoud were affected including the ICO's own site. 

Helme offered more details on the extent of the security breach, saying:
 “It's a very lucrative proposal.  They infect one website and it infects close to 5,000.  This was a very serious breach.  They could have extracted personal data, stolen information or installed malware.  It was only limited by the hackers' imaginations.” 

In addition to the ICO's site, the malicious code was also found on the Student Loans Company website, Barnsley Hospital and a number of other high-profile sites in the UK and worldwide. 

With the global rise in cyber attacks recently, TextHelp was prepared for such a breach and was able to implement its data security action plan once the hack was discovered.  The National Cyber Security Centre reassured the public the affected services have been taken offline and that the government's websites are operating securely. 

Image Credit: Welcomia / Shutterstock