Government Websites Infected with Crypto-Mining Coinhive Malware


Thousands of government websites have been hijacked by code which made visitors’ computers run cryptocurrency mining software.

Recently, websites have been infested with cryptocurrency-mining malware that can secretly open browser windows in the background without users' knowledge and keep mining cryptocurrencies even after all visible browser windows are closed. "Government websites continue to operate securely", said a spokesperson. "Someone just messaged me to say their local government website in Australia is using the software as well", Scott Helme, an IT security consultant, commented to Sky News.

The software hack altered Browsealoud's source code to include software from a company called Coinhive, which has developed an app to "mine" - search websites for - the Monero cryptocurrency.

This meant any PC, tablet or phone that connected to the websites was turned into a mining machine for the cryptocurrency Monero, which is similar to Bitcoin. Security researchers are now advising websites to take some action, especially government websites like the ICO.

Texthelp said the hack did not affect customer data, but the plugin was mining cryptocurrency across the affected sites, which included Texthelp's own website, for around 4 hours.

"If you want to load a crypto miner on 1,000-plus websites you don't attack 1,000-plus websites, you attack the one website that they all load content from", said Helme.

Texthelp's Browsealoud script allows users to request that a page it's embedded into be read aloud or translated into another language.

"Customers will receive a further update when the security investigation has been completed", said Martin McKay, Texthelp's chief technology officer, in an official statement.

The ICO also took its site down

When mining cryptocurrency, the processing power of a computer is used to validate transactions on the cryptocurrency network.

Texthelp, the company that sells Browsealoud, has now taken down the service until midday Tuesday 13 February.

The company added that no customer data has been accessed or lost.

The compromised service used by all these sites was the Browsealoud JavaScript library, which makes websites accessible via screen reading and translation tools.

According to the UK National Cyber Security Centre, there is nothing to suggest that members of the public are at risk at this point.

"The affected services have been taken offline, largely mitigating the issue".

Unfortunately, security teams lack visibility into all of the ways that they can be attacked externally, and struggle to understand what belongs to their organisation, how it's connected to the rest of their asset inventory, and what potential vulnerabilities are exposed to compromise.
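The incident above hinged on many sites loading one shared third-party script without checking its contents. The following is an added example, not code from the article or from Texthelp: it audits a page for cross-origin scripts that carry no Subresource Integrity value (a browser feature the article does not name) and shows that a pinned hash stops matching once the script body changes. The host names, script bodies and page markup are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}

def sri_hash(body: bytes, alg: str = "sha384") -> str:
    """Return the integrity attribute value for a script body."""
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

def matches_sri(body: bytes, integrity: str) -> bool:
    """Compare a body with the strongest hash listed; unusable values fail."""
    tokens = [t for t in integrity.split() if t.split("-")[0] in STRENGTH]
    if not tokens:
        return False
    best = max(tokens, key=lambda t: STRENGTH[t.split("-")[0]]).split("-")[0]
    return any(sri_hash(body, best) == t for t in tokens)

class ScriptAudit(HTMLParser):
    # Collects cross-origin <script src> tags that have no integrity value.
    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.unpinned = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        host = urlparse(attr.get("src") or "").netloc
        if tag == "script" and host and host != self.page_host \
                and not attr.get("integrity"):
            self.unpinned.append(attr["src"])

def unpinned_scripts(html: str, page_host: str) -> list:
    audit = ScriptAudit(page_host)
    audit.feed(html)
    return audit.unpinned

# Constructed sample data: a stand-in script, an altered copy, and a page.
ORIGINAL = b"function readAloud(text) { /* stand-in body */ }\n"
TAMPERED = ORIGINAL + b"/* line added by someone else */\n"
PAGE = f"""<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example/reader.js"></script>
<script src="https://cdn.example/pinned.js" integrity="{sri_hash(ORIGINAL)}" crossorigin="anonymous"></script>
</head></html>"""

if __name__ == "__main__":
    print(unpinned_scripts(PAGE, "www.example"), matches_sri(TAMPERED, sri_hash(ORIGINAL)))
```

A pinned hash only works for scripts whose content is versioned and stable; a vendor that updates a file in place will break pages that pin it until the hash is refreshed.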
