Over 5,000 UK national websites, including the ICO and NHS, have been infected by cryptocurrency mining malware, discovered over the weekend.
The affected websites included major governmental platforms such as the Student Loans Company, the NHS, and several council websites. The malware in question targeted the websites’ visitors and is known to hijack their computer processing power (CPU) to mine cryptocurrency without them even knowing about it.
This was discovered when the Information Commissioner’s Office, who serves as a data protection watchdog for all UK citizens, stated that they will take down their website in order to address the malware that has infected the website.
What makes this cryptojacking hack unique is in this instance, hackers inserted the malicious code by exploiting a popular plugin called BrowseAloud. This plugin was designed to help the blind and partially-blind to easily navigate the internet.
So far, over 5,000 have been discovered to be infected with the malware. The hackers used a JavaScript code, created and made popular by the code’s developer, CoinHive. This code allows hackers to use their victims’ personal device power to mine the cryptocurrency Monero. This code seems to have been injected to the BrowseAloud plugin.
The developers of BrowseAloud, Texthelp, have recently taken their website offline in order to address the issue.
According to the UK’s National Cyber Security Centre, the security concern is being investigated. However, the agency added there was currently no evidence to suggest victims were at risk from further cyber attacks following the exposure to the malware.
The malware was first discovered by the IT security consultant Scott Helme, who notified the relevant authorities when a contact told him that they received notification from their antivirus software after visiting a government website.
According to Helme this is one of the biggest cryptojacking malware attacks to date. Helme added that the hackers targeted a single plugin which has compromised the security of thousands of websites in Ireland, the UK, and even the US.
A National Cyber Security Centre spokesperson has confirmed that their team of experts is currently examining all available information pertaining to instances of cryptojacking.
The agency added that all affected services have already been taken down to strictly minimize risk to the public. The spokesperson added that the NCSC had no reason to believe that the public was at risk from additional cyberattacks following exposure to the malware.