Thousands of UK and US government websites were infected with a malicious script on Sunday (11 Feb.) that secretly forced visitors' computers to mine cryptocurrency for malicious hackers. The malware was running on more than 4,000 sites, including the U.K.’s Information Commissioner’s Office and the website for the American court system.
Hackers infected the websites with a malicious version of a popular software, known as Browsealoud, which reads out webpages for people with vision problems. After compromising Browsealoud, the hackers altered the plugin’s code, injecting malicious JavaScript in order to secretly run the mining software known as Coinhive on unsuspecting machines.
What can a cryptocurrency malware do?
To mine cryptocurrencies, hackers are nowadays injecting websites with cryptocurrency malware which secretly uses the computing power of hacked mobiles/laptops to mine cryptocurrency (this technique is also known cryptojacking).
When a user visits an infected site, the miner on the site gets activated and starts using the resources of the victim visiting the website. Unlike other malware - Ransomware or Spyware, cryptojacking is less dangerous and non-intrusive as it doesn’t steal or spoil user data. However, it can consume a lot of your processing power to mine cryptocurrencies thereby making your device extremely slow and even get it heated up.
The organisations have assured that they have taken the necessary measures and no customer data has been accessed or lost. The company further said that its customers will receive a further update as soon as the security investigation gets completed.