Government websites hijacked by cryptomining plugin

Australian sites among thousands hacked to include mining script

Australian sites among thousands hacked to include mining script

Among the websites affected in Britain were those belonging to the NHS, the Information Commissioner's Office, several English council sites and the UK's Student Loans Company.

"Someone just messaged me to say their local government website in Australia is using the software as well".

Hackers have hijacked thousands of government websites to help them to stockpile cryptocurrencies such as Bitcoin.

In Australia, the crypto-jacking attack hit the official website of the Victorian parliament, the Queensland Civil and Administrative Tribunal, the Queensland ombudsman, the Queensland Community Legal Centre homepage, and the Queensland legislation website, which lists all of the state's acts and bills.

Security researcher Scott Helme discovered the hack when a pal mentioned getting antivirus alerts on a UK Government website.

This was first noticed earlier this morning by infosec consultant Scott Helme when he saw that United Kingdom government site ico.org.uk was utilizing the the Coinhive in-browser mining (cryptojacking) script.

The hostile code inserted itself into the websites through the popular plugin Browsealoud - an assistive application which helps make sites more accessible to visitors with reading difficulties, visual impairment and dyslexia.


Coinhive is a cryptojacking script that works by turning the computers of site visitors into crypto mining rigs, potentially giving the hackers access to the processing power of millions of machines.

Because the malware only runs while someone is actively visiting an infected site, there is no further risk to users' computers, Mr Helme said.

"But there were ways the government sites could have protected themselves from this".

In December The Guardian reported that almost 1 billion visitors to the video sites Openload, Streamango, Rapidvideo and OnlineVideoConverter were also being crypto-jacked. "It may have been hard for a small website, but I would have thought on a government website we should have expected these defence mechanisms to be in place".

"The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency", said Texthelp.

"Texthelp can report that no customer data has been accessed or lost", the company said.

"The affected service has been taken offline, largely mitigating the issue".

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.