More than 5,000 websites have been hacked to force visitors’ computers to run software that mines a cryptocurrency similar to Bitcoin.
Users loading the websites of the Information Commissioner’s Office, the Student Loans Company, as well as the council websites for Manchester City, Camden, and Croydon – and even the homepage of the United States Courts – will have their computers’ processing power hijacked by hackers.
Malicious code for software known as ‘Coinhive’, a program advertising itself as ‘A Crypto Miner for your Website’ will start running in the background until the webpage is closed.
Security researcher Scott Helme was alerted to the hack by a friend who sent him antivirus software warnings received after visiting a UK Government website.
“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States. Someone just messaged me to say their local government website in Australia is using the software as well”.
The Coinhive script was inserted into a popular third-party accessibility plugin ‘BrowseAloud’ which is used to help blind or partially-sighted people access the web.
TextHelp, the company which operates BrowseAloud, confirmed to Sky News that they are taking the tool offline ‘whilst our engineering team investigates’.
Mr Helme says that unlike Bitcoin, where wallet addresses are stored on a publicly-available database, it’s impossible to find the location of the account profiting from the code.
But, he added, there was a simple way to defend against the attack: “every single website I run has an ‘Integrity Attribute’, which is a tiny change in how the script is loaded but is there because I’m worried about exactly this type of thing happening”.
It seems the BrowseAloud screen reader accessibility plugin has been hacked to load cryptocurrecy-mining software on websites which use it.
The Information Commissioner’s Office, Manchester Council, the General Medical Council and the Student Loans Company are all infected. pic.twitter.com/AH4aGcTypK
— Nick Stylianou (@nmsonline) February 11, 2018
In the last few moments, Sky News has learned some of the affected websites, such as the Information Commissioner’s Office, have now been taken offline as well as IT teams try and combat the problem.
Sky News has alerted the National Cyber Security Centre, who have confirmed they are investigating the incidents.