Crypto Hackers Hijack Government Websites To Mine Cryptocurrency

Crime, News | February 12, 2018

Government websites across many countries, including the US, the UK, and Australia, have reportedly been exploited by malware that harnesses visitors’ computers to mine cryptocurrency.

British security researcher Scott Helme said he spotted a third-party exploit that injects a cryptocurrency-mining script on over 4,200 sites. The affected websites included those for the US Courts, the UK’s National Health Service (NHS) and Information Commissioner’s Office, and the Australian state governments for Victoria and Queensland.

Helme said he found the compromised JavaScript file on Sunday morning after a friend’s anti-virus program set off an alert on the site of the UK Information Commissioner’s Office. He traced the problem to a website plug-in called Browsealoud, used to help blind and partially sighted people access the web.

The makers of Browsealoud, Texthelp, confirmed that hackers inserted a script known as Coinhive into their software. Coinhive hijacks the processing power of a user’s computer to mine the cryptocurrency Monero. Martin McKay, Texthelp’s chief technology officer, said the compromise was a criminal act and was being investigated.

“Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline,” McKay said.

Although responsibility ultimately lies with Texthelp, Helme suggested government websites should be held to a higher security standard if they use third-party services, such as Browsealoud.
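A third-party file that changes after a site has adopted it is the case Subresource Integrity (SRI) covers on the embedding site's side. The following is an added example, not code from the article, Helme or Texthelp, and SRI is a control the article itself does not name; it reimplements the browser's integrity decision in Node.js, and the script contents and the `cdn.example` URL are constructed.

```javascript
// Added example (Node.js); script contents and URL are constructed.
const crypto = require('node:crypto');

// Hash algorithms SRI defines, ranked by strength.
const STRENGTH = new Map([['sha256', 1], ['sha384', 2], ['sha512', 3]]);

// Integrity value for the exact bytes that were reviewed.
function sriDigest(bytes, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
}

// Parse whitespace-separated "algo-base64[?options]" tokens. Unknown
// algorithms are dropped and only the strongest one present is kept.
function parseIntegrity(attr) {
  const tokens = (attr || '').trim().split(/\s+/).filter(Boolean).map((t) => {
    const [algo, ...rest] = t.split('?')[0].split('-');
    return { algo, digest: rest.join('-') };
  }).filter((t) => STRENGTH.has(t.algo) && t.digest);
  const best = Math.max(0, ...tokens.map((t) => STRENGTH.get(t.algo)));
  return tokens.filter((t) => STRENGTH.get(t.algo) === best);
}

// Decide as a browser does: refuse the script when a pin exists and no
// digest of the strongest algorithm matches the received bytes.
function verifyScript(bytes, attr) {
  const wanted = parseIntegrity(attr);
  if (wanted.length === 0) return { ok: true, pinned: false }; // runs unchecked
  const ok = wanted.some((t) => sriDigest(bytes, t.algo) === `${t.algo}-${t.digest}`);
  return { ok, pinned: true };
}

function scriptTag(url, integrity) {
  return `<script src="${url}" integrity="${integrity}" crossorigin="anonymous"></script>`;
}

// Constructed sample: the file as reviewed, and the same file after
// someone appended code to it on the vendor's server.
const reviewed = Buffer.from('function readAloud(text) { /* plugin */ }\n');
const tampered = Buffer.concat([reviewed, Buffer.from('/* appended code */\n')]);
const pin = sriDigest(reviewed);

console.log(scriptTag('https://cdn.example/plugin.js', pin));
console.log('reviewed file:', verifyScript(reviewed, pin));
console.log('tampered file:', verifyScript(tampered, pin));
console.log('no integrity :', verifyScript(tampered, ''));
```

A pin only works against a URL whose bytes are meant to stay fixed, so it needs a versioned file from the vendor; a script the vendor updates in place will fail the check on every legitimate release.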

This isn’t the first time sites have been accused of using visitors’ computers to mine cryptocurrency. Coinhive has previously been discovered in Google’s DoubleClick ad services, the Ultimate Fighting Championship website, and TV network Showtime, among many others.

Varun Badhwar, CEO and co-founder of RedLock, which specializes in cloud threat defense, says stealing computer power is now far more lucrative than stealing data.

“In this incident, the hackers targeted consumers via compromised browser plugins,” said Badhwar. “We are also seeing cryptojacking attacks on organizations to leverage the compute power within their networks – a much stealthier tactic, since the activity often goes unnoticed at large organizations where there is remnant or underutilized compute resources.”

Badhwar called the current problems “the tip of the iceberg. We anticipate this type of cybercrime to increase in scale and velocity in the near future.”