Skip to main content

UK government websites infected by cryptocurrency miners

(Image credit: Image Credit: Welcomia / Shutterstock)

In an attempt to mine cryptocurrency (opens in new tab), hackers have injected malicious code into a website plug-in that has affected over 4,000 websites including the Information Commissioner's Office (opens in new tab) (ICO) and other government sites. 

The malicious code was discovered by security researcher Scott Helme after a friend informed him that he had received a malware warning after visiting the ICO website.    

Upon further examination, he realised that the Browsealoud website plug-in, which helps the blind and partially sighted access the Internet, was responsible for the warning. 

The company that makes the plug-in, Texthelp did confirm that for a period of four hours its product had been affected by malicious code designed to mine for cryptocurrency.  In this case, the plug-in had been hijacked to mine for Monero (opens in new tab) which has grown popular amongst hackers since its transactions are almost untraceable. 

By adding the program Coinhive to the plug-in, the hackers were able to take over users' computers to mine (opens in new tab) for Monero and once the initial systems were infected, thousands of other websites that supported Browsealoud were affected including the ICO's own site. 

Helme offered more details on the extent of the security breach, saying:
 “It's a very lucrative proposal.  They infect one website and it infects close to 5,000.  This was a very serious breach.  They could have extracted personal data, stolen information or installed malware.  It was only limited by the hackers' imaginations.” 

In addition to the ICO's site, the malicious code was also found on the Student Loans Company website, Barnsley Hospital and a number of other high-profile sites in the UK and worldwide. 

With the global rise in cyber attacks recently, TextHelp was prepared for such a breach and was able to implement its data security action plan once the hack was discovered.  The National Cyber Security Centre reassured the public the affected services have been taken offline and that the government's websites are operating securely. 

Image Credit: Welcomia / Shutterstock

Anthony Spadafora
Anthony Spadafora

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.