Thousands of sites, including NHS services and the ICO (Information Commissioner’s Office), have been infected by cryptocurrency mining malware that uses visitor’s computers to mine cryptocurrency while using the site.

Last Sunday, the UK’s data protection website, the Information Commissioner’s Office, was taken down to deal with the issue after it was reportedly infected by the malware. According to The Guardian, over 5,000 websites have been affected by the malware including the NHS services, the Student Loans Company and several English councils.

The websites have been attacked by software known as Coinhive. This software is able to make the victims machine unwittingly use processing power to mine an open-source cryptocurrency called Monero. This appears to have happened through a malware script injection into the BrowseAloud plugin, a commonly used plugin that helps visually impaired people access the web. The technique is called cryptojacking.

Scott Helme, an IT security consultant, sent out an alert regarding the malware after receiving a message from a friend whose antivirus software had detected a threat after visiting a UK government website.

Scott Helme stated:

“This type of attack isn’t new – but this is the biggest I’ve seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States. Someone just messaged me to say their local government website in Australia is using the software as well.”

Scott Helme

The National Cyber Security Centre (NCSC) confirmed the issue was being investigated, adding there was nothing to suggest members of the public were at risk after the malware attack. Many of the websites have been taken down so that engineers could solve the issue and many are still being monitored as a precaution. Texthelp, which operates BrowseAloud, took its website down on Sunday while its engineers managed to finally solve the problem.

A NCSC representative said:

“NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency. The affected services have been taken offline, largely mitigating the issue. Government websites will continue to operate securely. At this stage, there is nothing to suggest that members of the public are at risk.”

NCSC

With cyber security threats on the rise, it is useful to be able to recognize some of the  symptoms of cryptojacking. Since mining is computationally intensive, one of the main symptoms is that the hijacked computer slows down significantly. Sometimes you can lose the screen or have some pixel distortion storming your screen. Keeping your Antivirus updated and avoid visiting suspicious websites are always good rules to follow.