In fresh news reports, it appears that several government websites in the United Kingdom were infiltrated by crypto mining malware called Coinhive – which illicitly mines the cryptocurrency Monero using the computing power of external computers.
Known colloquially as “cryptojacking”, the malware found itself onto these government websites via BrowseAloud – a plugin that facilitates easy access to online content for those with impaired vision.
After being “live” for about four hours (estimation provided by TextHelp, creators of the BrowseAloud plugin), over 4,000 websites have been affected, including the National Health Service (NHS), which was also hardest hit by the crypto malware WannaCry in 2017. Even some websites in Australia have reported infection, according to Australian news site ABC.net.
The malware has since been disabled and UK watchdog, National Cyber Security Centre (NCSC) has been quoted as saying that there was “nothing to suggest” consumers were at risk following the shutdown of the malware’s operations.
In a quote borrowed from this Sky News article, Texthelp data security officer Martin McKay said that “Texthelp can report that no customer data has been accessed or lost.” McKay also announced that an independent security consultancy will begin a security review of the company’s systems.
A tweet by the Malware Tech blog reminds us that this was a small hack that could have had the potential to get much bigger:
Nice thing about coinhive is it’s a fairly low impact way to show us how including 3rd party scripts can go wrong. This could have just as easily loaded malware.https://t.co/CpVnFVtjqo
— MalwareTech (@MalwareTechBlog) February 11, 2018
According to a report published by Coindesk in November last year, Coinhive is the sixth most common type of crypto malware. It was previously found on sites like the Ultimate Fighting Championship website and on Google’s DoubleClick ad platform.