Nefarious Bitcoin miners have hijacked government websites worldwide
Backdoor turns site visitors into unwitting miners
In a hack of unprecedented scope, thousands of government websites around the world have been compromised as part of a criminal scheme to mine a cryptocurrency called Monero, which like Bitcoin and Ethereum is blockchain based, but with a greater focus on transaction privacy.
Security researcher Scott Helme made the initial discovery, publishing an enormous list of 4,275 government sites spanning several countries, including the US, UK and Australia, that were infected by a malware known as Coinhive.
“This type of attack isn’t new — but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States,” said Helme in an interview with Sky News.
Coinhive is a cryptojacking script that works by turning the computers of site visitors into crypto mining rigs, potentially giving the hackers access to the processing power of millions of machines.
Tales from the crypto
The hostile code inserted itself into the websites through the popular plugin Browsealoud — an assistive application which helps make sites more accessible to visitors with reading difficulties, visual impairment and dyslexia.
Texthelp, the company that provides Browsealoud, has confirmed that the compromised plugin has been taken offline. "This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action," said Texthelp data security officer Martin McKay.
While the computers of countless people were likely used by the attackers to mine the cryptocurrency, it appears that site visitors are completely in the clear, with Texthelp reporting "no customer data has been accessed or lost."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The National Cyber Security Centre in the UK has given an official statement on the matter, assuring people that "Government websites continue to operate securely," further stating that "there is nothing to suggest that members of the public are at risk."
Stephen primarily covers phones and entertainment for TechRadar's Australian team, and has written professionally across the categories of tech, film, television and gaming in both print and online for over a decade. He's obsessed with smartphones, televisions, consoles and gaming PCs, and has a deep-seated desire to consume all forms of media at the highest quality possible.
He's also likely to talk a person’s ear off at the mere mention of Android, cats, retro sneaker releases, travelling and physical media, such as vinyl and boutique Blu-ray releases. Right now, he's most excited about QD-OLED technology, The Batman and Hellblade 2: Senua's Saga.