As trading in cryptocurrencies is experiencing a surge, over 4000 websites were infected on Sunday with a code that allows web browsers to illegally mine cryptocurrencies on behalf of hackers.
Among the affected computers, includes some controlled by the US and UK governments, although the affected code has now been disabled. After the news about the secret mining went public, the Information Commissioner’s Office took down its website so visitors are no longer at risk of a hack. The organisation said:
“We are aware of the issue and are working to resolve it.”
The problem was traced to a malicious version of a commonly used tool called Browsealoud used to aid visually impaired people across the web. The tainted version of this tool caused the inserted software for mining the cryptocurrencies to run on computers that had previously visited infected sites, thereby secretly generating money for the hackers behind the crime.
The BBC reported that “the plug-in had been tampered with to add a program, Coinhive, which mines for Monero by running processor-intensive calculations on visitors’ computer. Once the plug-in was infected, it affected thousands of other websites in addition to the ICOs which used it”.
With a surge in the value and popularity of bitcoin and other digital currencies, it has become the centre of attraction for hackers looking to make quick cash. However, the process of mining cryptocurrencies involves a large amount of computer processing power, which translates to huge electricity bills for the miners.
Getting someone to do the work and bay the bill sounds really excellent, while they watch behind the screen to claim the coins. This is exactly what the hackers do. They insert the malicious software into websites and unknown to the visitors and owners, their computers are secretly working to mine cryptocurrencies for them. Worse still, they infect one website which further infects more than 4000 others.
According to Mr. Scott Helme, a security researcher, “they could have extracted personal data, stolen information or installed malware which is only limited by the hackers’ imagination”.
Aside from the huge electricity bills, they are subjected to, this kind of attack is known to slow down computers and cause data loss or damage to the affected computers.
A spokesman from National Cyber Security Centre says that members of the public are no longer at risk since the code has been disabled. Hence, all government websites can function safely.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
