Thousands of websites in the U.K. and worldwide have reportedly been infected with malware that uses users’ computers to mine cryptocurrency.
According to the BBC, the U.K.’s data protection watchdog, the Information Commission Office (ICO) took down its website after receiving a warning that it had been infected by malware. Other U.K. websites that were infected include the National Health Service (NHS), several English councils, and the Student Loans Company.
The cryptojacking script was added to website codes through Browsealoud, a plugin that aids the blind and partially sighted to gain access to the Internet. Texthelp, which operates Browsealoud, took its website down as it worked at resolving the issue. According to the report, Texthelp confirmed that it’s product had been affected for four hours.
It’s believed that over 5,000 websites have been affected by the malware. Software known as Coinhive, which quietly uses the computing power on a person’s device to mine the digital currency Monero, appears to have been inserted into the Browsealoud plugin. It then affected thousands of websites, including the ICO’s, which used it.
Martin McKay, chief technical officer of TextHelp, said:
In light of other recent cyberattacks all over the world, we have been preparing for such an incident for the last year and our data security action plan was actioned straight away.
The National Cyber Security Centre said that they were investigating the incident. Notably, though, they said that ‘there is nothing to suggest that members of the public are at risk’ at this stage.
Security researcher Scott Helme, who was alerted to the malware by a friend whose antivirus detected an issue when visiting the ICO website, explained that:
This was a very serious breach. They could have extracted personal data, stolen information or installed malware. It was only limited by the hackers’ imaginations.
Rory Cellan-Jones, BBC technology correspondent, added:
This kind of attack is becoming increasingly common and while it appears not to cause data loss or damage to systems, it does mean computers can run much more slowly.
Featured image from Shutterstock.