Hackers were able to compromise a popular Browsealoud plugin to infect government websites with cryptocurrency mining malware. Cryptocurrency hit headlines in 2018 seeing most people become billionaires and especially bitcoin which had its value touch the sky. Cybercriminals and hackers took advantage of such making easy money but a payback is being experienced by unknown users.
US and UK Government sites got hacked so as to Mine Monero
Scott Helme an IT expert in security noted that on the 11th February that 4000 plus government sites were hacked for mining Monero cryptocurrency and such was inclusive of the official court system of America, UK’s information commissioner website, Social security Administration of US and NHS.
As per his blog post, the sites which were targeted were infected using a malware which use the sites’ computing power of its visitors to mine the Monero. You know of the technique used for mining cryptocurrency whereby CPU power is used by unknown hackers as users’ access generating cryptocurrency and leading to hiked electricity bills to the users.
Browsealoud Plugin is hacked so as to infect websites of the Government
After digging further, Helme also noted of Browsealoud plugin is hacked so as to gain access to the government websites infecting such with malware to mine cryptocurrency. This plugin aids users in accessing websites content such as dyslexia patients, users with visual impairments and users not conversant with English.
— Scott Helme (@Scott_Helme) February 11, 2018
Examination of the situation by Authorities
The British NCSC confirmed familiarity with such situation addressing the actions they are taking on such situation by taking offline affected services with government sites operating safely with public free from any risk. Helme is however afraid of similar situation coming up in future again after it’s solving by authorities.
Increase in cryptocurrency mining
IT community of security sector is concerned with the sudden increase in cryptocurrency mining with high-profile sites as well as institutions affected such as Blackberry, Oracle, YouTube, Transneft in Russia and Starbucks among others.