Thousands of government websites hacked to mine cryptocurrencies
Cybercriminals use software to hijack processors of unsuspecting web visitors
Hackers have infected thousands of government websites with malware that hijacks visitors’ computers to mine for cryptocurrencies.
Affected websites include those of the Information Commissioner’s Office, the Student Loans Company and the Scottish NHS helpline, as well as “hundreds of other central and local government sites”, The Daily Telegraph reports.
Hackers infected the websites with a programme called Coinhive, which hides inside a site’s code and mines digital currencies by hijacking the processing power of visitors’ computers.
According to BBC News, the programme was used to mine for a cryptocurrency called monero - a bitcoin rival used for anonymous transactions.
Security research Scott Helme told the news site that the hack was “a very lucrative proposal”, as the cybercriminals only needed to upload the mining malware to one website for it to infect “close to 5,000” other sites.
“This was a very serious breach”, he adds. “They could have extracted personal data, stolen information or installed malware. It was only limited by the hackers’ imaginations.”
However, the National Cyber Security Centre (NCSC) said that the affected services had been taken offline and that there was no indication the public is at risk, The Guardian reports.
A spokesperson from the NCSC said it is “examining data involving incidents of malware being used to illegally mine cryptocurrency”. Government sites will “continue to operate securely”, the spokesperson added.