More than 4000 sites including those of UK, US, and Australian Government were infected with cryptocurrency mining malware. The sites were affected for several hours on Sunday containing a secret code that mines cryptocurrencies through web browsers.
According to the “The Register report”, these sites were affected by the malicious use of CoinHive mining software and BrowseAloud, a tool from Texthelp, the British software maker. The BrowseAloud reads webpage for people and converts website text to audio for visually impaired users.
In a world of cryptocurrency, such process is known as Cryptojacking, means it uses computing device secretly to mine cryptocurrency.
Government could have prevented the attack better than smaller websites
It was discovered by Scott Helme, a UK-based security researcher. He said there were ways that the government could have prevented the attack better than smaller sites.
Yes, it could have been a lot worse… pic.twitter.com/Dqhvff9u5e
— Scott Helme (@Scott_Helme) February 11, 2018
On Monday morning, Texthelp took the BrowseAloud plugin offline and thus new visitors to the affected sites will no longer load the Cryptojacking script.
As a result, the Helme raises the alert regarding malware after he received a message from a friend. His antivirus software had detected an issue after visiting UK government website.
Helme told Sky News,
“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States. Someone just messaged me to say their local government website in Australia is using the software as well”.
“When you load software like this from a third party, that third party can change it and make it do whatever they want,” he said. “There are easy ways to make sure they don’t do that.”
Cryptojacking hits Australian government websites for four hours
Similarly, in Australia, the Cryptojacking hits the official website of the Victorian parliament, the Queensland Civil and Administrative Tribunal, and the Queensland Ombudsman. The Queensland Community Legal Centre homepage, and the Queensland legislation. The malware also affected other websites including those belonging to the Victoria’s City of Casey Council, Western Australia’s City of Bayswater council and South Australia’s City of Unley council.
Queensland legislation and QCAT website took out the plugin on Monday.
The malware also previously exploited YouTube visitors through video ads and some other 1 billion visitors to video sites Openload, Streamango, Rapidvideo and OnlineVideoConverter in December, according to reports by The Guardian.
UK’s National Health Service, and the UK’s data protection watchdog were also affected.
Texthelp says plugin would remain offline until Tuesday 12.00 GMT
Texthelp, the company that made the plugin confirmed that the Coinhive script software was inserted illegally to their plugin. Coinhive hijacks computer processing power to force the computer to mine Monero cryptocurrency. The company said the illegal operation run for four hours, but they had since taken the plugin offline and efficiently stopped the exploit.
The malware forced computers to mine cryptocurrency without user’s permission or knowledge when the user visited these websites. Monero has increased privacy and security, so it is always hard to trace back the attackers using the address.
According to Texthelp,
“The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency,”.
Further, they claimed plugin would remain offline until Tuesday 12.00 GMT although the breach was already addressed.
Related Coverage: Mailbox of China’s Central Bank Was Hacked