Hackers have hijacked government websites in the U.S. and the U.K. in order to secretly mine cryptocurrency through the computers and smartphones of any visitors to the sites.
The illicit cryptocurrency mining, known as cryptojacking, took place on more than 4,200 websites on February 11, using a malicious version of a tool called Browsealoud. The software, developed by British firm Texthelp, is embedded into websites to help people with poor vision by providing an audio version of the text.
Security experts warn the latest cryptojacking is part of a growing trend that website owners need to start better protecting against.
"Using a website to nefariously spread a program to perform these calculations, the criminals gain a vast network of computers at no cost, which they then use to make money," Trevor Reschke, head of threat intelligence at security firm Trusted Knight, said in an emailed comment to Newsweek.
"Cybercriminals are clearly recognizing that they can make a quick buck from the world's growing fixation with cryptocurrencies. Website owners need to look at how their sites can be taken advantage of and close any gaps that could be used to insert dangerous scripts."
The cryptojacking version of Browsealoud worked by taking over the processor of the smartphone or computer that is visiting a compromised website. The computing power of the processor is then used to mine cryptocurrency—the process of generating cryptocurrency by completing complex algorithms in order to confirm transactions.
Security consultant Scott Helme discovered the compromised software on sites including that of the Information Commissioner's Office (ICO) and the National Health Service (NHS) in the U.K., as well as thousands of other websites in the U.S. and Ireland. Several of the sites, including the ICO, took their sites offline after being informed of the breach.
Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site... 😮 pic.twitter.com/xQhspR7A2f
— Scott Helme (@Scott_Helme) February 11, 2018
In a blog post detailing the cryptojacking, Helme explained how the hackers were able to infect so many websites so efficiently.
"If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from," Helme said. "In this case it turned out that Text Help…had been compromised and one of their hosted script files changed."
The altered script includes a portion of the cryptocurrency miner CoinHive, which can be used to generate cryptocurrencies like bitcoin, ethereum or monero.
Read more: Loapi cryptocurrency mining malware is so powerful it can melt your phone
Texthelp said in a statement Sunday that it was investigating the matter and reassured customers that no other products had been affected.
"A security review will be conducted by an independent security consultancy," said Martin McKay, Texthelp's data security officer. "The investigation is ongoing, and customers will receive a further update when the security investigated has been completed."
