Reports of mining malware infestations are an almost weekly occurrence now. With cryptocurrency mining becoming more lucrative than ransomware, hackers are upping their game and widening the digital net. Those caught in it this week included a number of government websites in the UK and Australia.
In what has been newly termed ‘cryptojacking,’ the Guardian reported that thousands of websites had been infected over the weekend. Those who visited the compromised websites would have their computer hardware hijacked in order to mine Monero for the perpetrators.
According to the reports, websites of NHS services, the Student Loans Company, and several English councils were all infected. Over the weekend, the website of the UK’s data protection watchdog, the Information Commissioner’s Office, was taken offline to deal with the infection.
The malicious software came via a plugin called BrowseAloud, which helps partially sighted people access content on the web. The plugin authors took their own website down while they tried to resolve the problem. As many as 5,000 websites have been compromised with a variant of the Coinhive mining script, which allows webmasters to leech resources from the hardware of their readers.
Monero is usually the crypto of choice as it is anonymous and encrypted and, therefore, cannot be traced back to the source wallets.
Scott Helme, an IT security consultant, raised the alarm when a friend got an alert from his anti-virus software after visiting a government website:
This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States.
Digging Down Under
It appears that mining malware has also compromised websites in Australia, including the Victoria Parliament’s site, the Queensland Civil and Administrative Tribunal, the Queensland ombudsman, the Queensland Community Legal Centre, and the Queensland legislation website, which lists all of the state’s acts and bills.
The same plugin was found to be the cause of the incursion. Helme,