United Kingdom government affected by crypto mining malware

United Kingdom government affected by crypto mining malware

This was confirmed by the UK's Information Commissioner's Office (ICO) over the weekend. It is unclear whether it was an employee who thought it was a good idea to stealthily make some money using client websites (wouldn't be the first time this has happened; Wccftech itself became a victim previous year by a different company), or if an attacker managed to compromise it before hijacking websites.

Malmo University and Lund University in Sweden, among other Swedish education institutions, were also affected by the hack.

"The injected mining code was obfuscated, but when converted from hexadecimal back to ASCII it spelled out the necessary magic to summon Coinhive's stealthy JavaScript miner to the page", writes the Register. Browsealoud is used in many government websites around the world. The technology is used by many websites, including those belonging to the US Courts, the General Medical Council, and some local councils.

Although responsibility ultimately lies with Texthelp, Helme suggested government websites should be held to a higher security standard if they use third-party services, such as Browsealoud.

The hostile code inserted itself into the websites through the popular plugin Browsealoud - an assistive application which helps make sites more accessible to visitors with reading difficulties, visual impairment and dyslexia.

The malicious code as it appeared on the site of the United States courts service. "Seems to have hit other government sites too including the USA and Australia".

"That's it. With that tiny change to how the script is loaded, this attack would have been completely neutralised".

Australian sites among thousands hacked to include mining script

"A third party provider was compromised and their JS library was altered", Mr Helme posted on his website.

Crypto-currency mining uses vast amounts of computer power to create the unofficial coinage - in this case not bitcoin but an open-source currency dubbed Monero which runs in Windows Mac OS Linux Android and FreeBSD.

Mining malware is spreading like wildfire, every week now we run another story on some platform or other falling victim to it. Closing the window stops the code from running.

On Monday morning, Texthelp took the Browsealoud plugin offline, which meant that new visitors to the affected sites would no longer load the cryptojacking script.

An investigation to try and uncover the perpetrator is now underway and technical experts are examining data from the incident, said a spokesperson for the National Cyber Security Centre in a statement.

"The affected services has been taken offline, largely mitigating the issue".

With new map, Wolf says Republicans did it again
Unsurprisingly, they're equally gerrymandered for partisan purposes, precisely what the state court ruled was unconstitutional. However, some local leaders are unhappy that Reading would be in a separate district from most of Berks County in the new map.

Related Articles