On the morning of Sunday, February 11, 2018, malware used to mine the cryptocurrency Monero was detected on thousands of UK and US government sites. The cryptojacking attack infected websites including the United States Court System government website (UScourts.gov), the City University of New York website (cuny.edu), the city of Manchester, England government website, and numerous other UK government websites, including websites that service the National Health Service.
A full list of over 4,000 affected websites can be found here.
Some affected websites have been taken down completely as of 1:28 PM EST. Ironically, the website of the UK Information Commissioner’s Office, a group responsible for data privacy in the UK, is currently down due to the malware injection. Although the crypto community is used to hearing about hacked ICOs, this one may be slightly more surprising.
The malware was reported by Scott Helme on Twitter and confirmed by the UK tech website The Register. The exploit occurred when code for Coinhive’s Monero miner was illicitly injected into the popular browser plugin Browsealoud. Browsealoud is a plugin which reads aloud the text on webpages to aid people with visual impairments and dyslexia. It is unclear whether Browsealoud was compromised by outside hackers or an internal rogue actor.
Helme, the security researcher who initially reported the cryptojacking attack, is quoted by Sky News describing today’s events: “This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States.” Sky News reports that Texthelp, the company that makes the Browsealoud plugin, has taken the plugin down “whilst our engineering team investigates”.
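The pattern described above, one modified third-party script running on every site that embeds it, is what Subresource Integrity (SRI) pinning is designed to catch. The following audit is an added example, not part of the original article or any vendor's code: it flags cross-origin script tags that have no integrity attribute and checks pinned ones against what the host currently serves. All hostnames, file names and script bodies in it are constructed.

```javascript
const { createHash } = require('node:crypto');

// SRI value as browsers compute it: "<alg>-<base64 digest of the exact bytes>".
function sriDigest(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body, 'utf8').digest('base64')}`;
}

// Minimal tag scan for the demo; a real audit should use an HTML parser.
function externalScripts(html) {
  const out = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attr = (name) =>
      (tag.match(new RegExp(`\\b${name}\\s*=\\s*"([^"]*)"`, 'i')) || [])[1];
    if (attr('src')) out.push({ src: attr('src'), integrity: attr('integrity') });
  }
  return out;
}

// 'unpinned': the browser runs whatever the third party serves.
// 'mismatch': a browser enforcing SRI refuses to execute the changed file.
function auditPage(html, pageOrigin, served) {
  return externalScripts(html)
    .filter((s) => new URL(s.src, pageOrigin).origin !== pageOrigin)
    .map((s) => {
      if (!s.integrity) return { src: s.src, status: 'unpinned' };
      const alg = s.integrity.split('-')[0];
      const ok = sriDigest(served[s.src], alg) === s.integrity;
      return { src: s.src, status: ok ? 'match' : 'mismatch' };
    });
}

// Constructed sample data: the plugin body as reviewed, and a changed copy.
const REVIEWED = 'function readAloud(t){ /* plugin code as reviewed */ }';
const TAMPERED = '/* unreviewed code prepended upstream */' + REVIEWED;
const PAGE = `<html><head>
<script src="/js/site.js"></script>
<script src="https://plugin.example/reader.js"></script>
<script src="https://cdn.example/reader.js" integrity="${sriDigest(REVIEWED)}" crossorigin="anonymous"></script>
</head></html>`;
// Both third-party hosts now serve the modified file.
const SERVED = {
  'https://plugin.example/reader.js': TAMPERED,
  'https://cdn.example/reader.js': TAMPERED,
};

function demo() { return auditPage(PAGE, 'https://council.example', SERVED); }
console.log(demo());
```

Pinning only works for script files whose contents are versioned and do not change in place, so the hash has to be updated as part of each reviewed upgrade.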
A cryptojacking attack can be harmful to the computers affected. The illicit mining software may cause the computer to run at a higher-than-recommended temperature, which could damage internal components. Furthermore, the high load on the system may cause the computer to shut down or become slow and unresponsive. This is of particular concern when the affected computers are being used for critical tasks.
Yesterday, CryptoBriefing reported another cryptojacking attack on a Russian nuclear supercomputer; it appears these attacks will become more frequent as the profit motive continues to rise.
Financial Disclosure: The author holds long positions in Bitcoin and Bitcoin Cash. The author holds no short positions.