A number of government websites in the UK, US, and Australia, including the UK Information Commissioner’s Office (ICO), have been compromised by cryptojacking malware. According to security researcher Scott Helme, over 4,000 websites have been affected.
The security consultant was made aware of the scheme after another security expert pointed out that the ICO’s website had a cryptominer embedded in its code. Helme confirmed the findings on Twitter and, upon further exploration, discovered that the mining code was present on all of the ICO’s web pages as well as on thousands of other websites.
Cryptocurrency mining software is not illegal, and some websites have begun tinkering with plugins that borrow visitor CPU power to mine virtual currency, potentially as an alternative to advertising. However, malware that installs such mining software without consent is fraudulent, and mining scripts served up by legitimate websites can slow down visitors’ systems.
Read more on ZDNet about the bold cryptojacking scheme, which took advantage of Browsealoud, a third-party plugin intended to assist visually impaired website visitors. According to the plugin’s developers, Texthelp, Browsealoud had been compromised to mine cryptocurrency.