A number of government websites in the US, UK and Australia were compromised on Sunday by malware aiming to take control of visitors' computers to mine cryptocurrency, the BBC reported.
Researcher Scott Helme reported that over 4,000 websites, including the UK Information Commissioner's Office (ICO), the General Medical Council and some NHS websites, were affected by the problem.
Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site... 😮 pic.twitter.com/xQhspR7A2f
— Scott Helme (@Scott_Helme) February 11, 2018
Helme traced the issue back to a plugin called Browsealoud, which allows blind and partially sighted people to access the internet.
A program called Coinhive, which mines Monero (XMR/USD), was added to the plugin.
The Information Commissioner's Office (ICO) took down its website after a warning that hackers were taking control of visitors' computers to mine cryptocurrency.
The ICO’s website will remain closed as we continue to investigate a problem which is thought to involve an issue with the Browsealoud feature.
— ICO (@ICOnews) February 12, 2018
“If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from. In this case it turned out that Text Help, an assistive technology provider, had been compromised and one of their hosted script files changed,” Helme said in a blog post.
An investigation to uncover the perpetrator is now underway, and technical experts are examining data from the incident, said a spokesperson for the National Cyber Security Centre in a statement.
"The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely," said the spokesperson. "At this stage there is nothing to suggest that members of the public are at risk."
According to a report from Australian news source ABC.net, several government sites in Queensland, as well as the Victorian Parliament, also appeared to have been affected.