Yesterday, UK government websites were caught cyptomining but it could have been worse. The website of Manchester City Council – and more than 4,000 others – were infected with code that mined the open-source cryptocurrency Monero.
The Information Commissioner’s Office (ICO), the US courts website, some NHS bodies, and councils around the UK were also hit.
The UK government websites all had one thing in common: a plugin called Browsealoud. The snippet of code, created by UK firm Texthelp, adds “speech, reading, and translation” functionalities to websites. The software is pretty popular and intended to help people with visual impairments, Dyslexia, and act as an aid for those who aren’t native English speakers.
As a result of the compromised plugin, the ICO shut its websites down and others scrambled to tighten-up their security systems.
“We see these mining scripts on everything from porn websites to torrent sites and kids sites that offer to help with homework,” says Chris Boyd, a lead malware intelligence analyst at Malwarebytes. “It’s very popular.”
A spokesperson for the National Cyber Security Centre said:
“NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.
“The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely.”
“At this stage, there is nothing to suggest that members of the public are at risk.”
The incident was discovered by researcher Scott Helme who tweeted:
What he means is that the attackers could have installed malware that more invasively violated user privacy or used victims to launch even more destructive attacks.
It’s believed that the people that attacked UK government websites were after seeking a proof-of-concept instead of making serious money with the malware.
In the comment section below let us know what you think of these new developments.