Over the past few months, websites and servers have been repeated targets of malware that forces web browsers to secretly mine cryptocurrencies while using sites. This software has frequently breached, and in many cases succeeded in thousands of instances, having now targeted websites within the government itself across the United States and United Kingdom.
Discover credible partners and premium clients at China’s leading finance event!
The malware, also known as cryptojacking, is extremely problematic for security protocols. Malware of this nature is most commonly inserted into website codes and plugins, making unsuspecting users extremely vulnerable to this sort of assault.
In the US and UK, many of these sites were affected this weekend, all including government websites and services. This entailed websites belonged to the National Health Service, the Student Loans Company and many other government agencies. In each instance, the malware forces visitors’ computers to mine cryptocurrency while using the site, per a Guardian report.
“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States. Someone just messaged me to say their local government website in Australia is using the software as well,” Scott Helme, an IT security consultant, commented to Sky News.
Consequently, several websites were taken down to deal with and rectify the issue. In this instance, website codes were compromised via BrowseAloud, which acts as a popular plugin helping the blind and partially-sighted people access the web. In total, over 4,000 websites were affected with the malware.
The BrowseAloud plugin appears to have been responsible for the malware breach, utilizing software known as Coinhive. The software stealthily utilizes the processing power of a user’s device to mine open source cryptocurrency Monero. The malware is not impossible to detect and is often traceable or surfaced through simple antivirus checks.
For example, government authorities were initially made available to the malware after a user noticed an issue in their antivirus software visiting a UK government website.
A spokesperson for the National Cyber Security Centre noted: “NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency. The affected services has been taken offline, largely mitigating the issue. Government websites will continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”