Technology

Government websites hijacked by cryptocurrency-mining malware

Government websites hijacked by cryptocurrency-mining malware

Thousands of websites around the world, including many operated by governments, have been affected by the breach, security researchers have said.

Talking about the attack, Helme said, "This type of attack isn't new - but this is the biggest I've seen".

Helme said he found the compromised JavaScript file on Sunday morning after a friend's anti-virus program set off an alert on the site of the UK Information Commissioner's Office.

More than 4000 Australian and global government websites have been hijacked to run the Coinhive crypto currency mining software after a popular accessibility tool was compromised by attackers. The affected websites all ran Browsealoud-a plugin from British tech firm Texthelp that reads out websites for those with visual impairments or conditions that affect eyesight.

The cryptocurrency involved was Monero - a rival to Bitcoin that is created to make transactions in it "untraceable" back to the senders and recipients involved.

Government sites in the United States were not immune either, as the country's main website for court information, uscourts.gov, was also affected. By leveraging domains or subdomains that appear to belong to major brands, these actors trick people into visiting their sites running cryptocurrency mining scripts to monetise their content. "The sheer number of sites affected by this is huge and some of them are really prominent government websites!" Coin Hive was conceived as a way to help users gain a little extra income - "mining" uses computer power to validate cryptocurrency transactions, for which the miner is given a small amount of the currency. The company has assured its users that no customer data was compromised, accessed or lost by the attack.

More news: Trump addresses allegations against former WH staff in tweet
More news: Amazon is laying off hundreds of corporate employees
More news: NZ vs England 4th Tri Series T20 match in numbers

"Customers will receive a further update when the security investigation has been completed", said Martin McKay, Texthelp's chief technology officer, in an official statement.

They addend: "At this stage there is nothing to suggest that members of the public are at risk".

"NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency", an NCSC spokesperson said.

It's not known who was behind the scheme and whether the plugin, which is produced by the company Texthelp, was compromised by someone external or a company insider who chose to make a quick profit.

'The company has examined the affected file thoroughly and can confirm that it did not redirect any data: it simply used the computer's CPUs to attempt to generate cryptocurrency. "There are easy ways to make sure they don't do that".