Facebook Messenger, YouTube, and WordPress-based e-commerce websites have lately been the target of cryptocurrency malware, which uses your computer’s resources to mine currencies around the world.
It now appears that the cryptocurrency miners have shifted their attention to government websites, infecting thousands of websites belonging to the U.S. and UK government agencies with crypto jacking malware.
The websites, including include UK’s NHS and the official United States Courts site, were infected by a Monero-mining malware injected in Browsealoud, a plugin which is used to read aloud a website’s content for the visually-impaired. For several hours, the affected websites with an embedded Browsealoud plugin ran the crypto jacking code to use the resources of the visitors’ PC for mining Monero.
The exploit was first brought to notice by IT security expert, Scott Helme, who discovered Coinhive’s Monero-mining malware injected into the code of Browsealoud running on several government websites. However, the crypto jacking malware is only active when the tab using the Browsealoud plugin was open, and stopped running as soon as the browser tab is closed.
Following the discovery, Texthelp, the British company which developed Browsealoud, disabled the plugin, pulling the infected Javascript code offline. “We are addressing this immediately. Our Browsealoud service has been temporarily disabled whilst our engineering team investigates.”, the company said on Twitter.
Over 4,200 websites belonging to government agencies in the United States and the UK have been found to be affected, some of which went into maintenance mode in order to tackle the threat. Fortunately, the cryptocurrency mining malware executed itself to just mine Monero by exploiting the system resource of visitors, and stopped short of more severe attacks like keylogging or stealing passwords. Texthelp later confirmed that no customer data was accessed or stolen during the time that the malware was active on the websites.
Another report from the Guardian states that the number of websites infected by the cryptocurrency mining malware exceeds 5,000, as websites belonging to Australian government agencies were a target too.
