Government websites infected by Cryptocurrency mining malware

More than 4000 sites including those of UK, US, and Australian Government were infected with cryptocurrency mining malware. The sites were affected for several hours on Sunday containing a secret code that mines cryptocurrencies through web browsers.

Cryptojacking malware

According to the “The Register report”, these sites were affected by the malicious use of CoinHive mining software and BrowseAloud, a tool from Texthelp, the British software maker. The BrowseAloud reads webpage for people and converts website text to audio for visually impaired users.

In a world of cryptocurrency, such process is known as Cryptojacking, means it uses computing device secretly to mine cryptocurrency.

Government could have prevented the attack better than smaller websites

It was discovered by Scott Helme, a UK-based security researcher. He said there were ways that the government could have prevented the attack better than smaller sites.

Helme says that 4,275 sites have been affected by malicious JavaScript software that is developed by third-party. He adds that the attacks could have been “completely moderated” by the state developers/owners taken some basic security precautions.

On Monday morning, Texthelp took the BrowseAloud plugin offline and thus new visitors to the affected sites will no longer load the Cryptojacking script.

As a result, the Helme raises the alert regarding malware after he received a message from a friend. His antivirus software had detected an issue after visiting UK government website.

Helme told Sky News,

“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States. Someone just messaged me to say their local government website in Australia is using the software as well”.

“When you load software like this from a third party, that third party can change it and make it do whatever they want,” he said. “There are easy ways to make sure they don’t do that.”

Cryptojacking hits Australian government websites for four hours

Similarly, in Australia, the Cryptojacking hits the official website of the Victorian parliament, the Queensland Civil and Administrative Tribunal, and the Queensland Ombudsman. The Queensland Community Legal Centre homepage, and the Queensland legislation. The malware also affected other websites including those belonging to the Victoria’s City of Casey Council, Western Australia’s City of Bayswater council and South Australia’s City of Unley council.

Queensland legislation and QCAT website took out the plugin on Monday.

The malware also previously exploited YouTube visitors through video ads and some other 1 billion visitors to video sites Openload, Streamango, Rapidvideo and OnlineVideoConverter in December, according to reports by The Guardian.
UK’s National Health Service, and the UK’s data protection watchdog were also affected.

Texthelp says plugin would remain offline until Tuesday 12.00 GMT

Texthelp, the company that made the plugin confirmed that the Coinhive script software was inserted illegally to their plugin. Coinhive hijacks computer processing power to force the computer to mine Monero cryptocurrency. The company said the illegal operation run for four hours, but they had since taken the plugin offline and efficiently stopped the exploit.

The malware forced computers to mine cryptocurrency without user’s permission or knowledge when the user visited these websites. Monero has increased privacy and security, so it is always hard to trace back the attackers using the address.

According to Texthelp,
“The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers’ CPUs to attempt to generate cryptocurrency,”.

Further, they claimed plugin would remain offline until Tuesday 12.00 GMT although the breach was already addressed.

Related Coverage: Mailbox of China’s Central Bank Was Hacked

Stay updated with latest cryptocurrency news by following us on Twitter or joining us on Telegram

Show More


David Kariuki is a journalist who has a wide range of experience reporting about modern technology solutions including cryptocurrencies. A graduate of Kenya's Moi University, he also writes for Hypergrid Business, Cryptomorrow, and Cleanleap, and has previously worked for Resources Quarterly and Construction Review magazines.

Related Articles

Back to top button