Hackers have hijacked government websites in the U.S. and the UK in order to secretly mine cryptocurrency through the computers and smartphones of any visitors to the sites.
The illicit cryptocurrency mining, known as cryptojacking, took place on more than 4,200 websites on Sunday, February 11, using a malicious version of a tool called Browsealoud. The software, developed by British firm Texthelp, is embedded into websites to help people with poor vision by providing an audio version of the text.
Security experts warn the latest cryptojacking is part of a growing trend that website owners need to start better protecting against.
“Using a website to nefariously spread a program to perform these calculations, the criminals gain a vast network of computers at no cost which they then use to make money,” Trevor Reschke, head of threat intelligence at security firm Trusted Knight, said in an emailed comment to Newsweek.
“Cybercriminals are clearly recognising that they can make a quick buck from the world’s growing fixation with cryptocurrencies. Website owners need to look at how their sites can be taken advantage of and close any gaps that could be used to insert dangerous scripts.”
The cryptojacking version of Browsealoud worked by taking over the processor of any smartphone or computer visiting a compromised website. The processor's computing power was then used to mine cryptocurrency, the process of generating cryptocurrency by completing complex calculations in order to confirm transactions.
Security consultant Scott Helme discovered the compromised software on sites including those of the Information Commissioner’s Office (ICO) and the National Health Service (NHS) in the U.K., as well as thousands of other websites in the U.S. and Ireland. Several of the affected organizations, including the ICO, took their sites offline after being informed of the breach.
In a blogpost detailing the cryptojacking, Helme explained how the hackers were able to infect so many websites so efficiently.
“If you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the 1 website that they all load content from,” Helme said. “In this case it turned out that Text Help… had been compromised and one of their hosted script files changed.”
The altered script includes a portion of the cryptocurrency miner CoinHive, which can be used to generate cryptocurrencies like bitcoin, ethereum or monero.
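The failure described above, a script on a vendor's host changing underneath every site that embeds it, is what the browser's Subresource Integrity (SRI) attribute is designed to catch: a script tag that carries a hash is not executed if the served file no longer matches. The following is an added example, not code from the article, Helme or Texthelp. It audits a page's third-party script tags offline; the host names, file names and script bodies are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_value(body: bytes) -> str:
    """Return the SRI string (sha384) a script tag would pin for this body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag on a page."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def audit(page_html: str, page_host: str, fetched: dict) -> dict:
    """Classify each third-party script as 'ok', 'changed' or 'unpinned'.

    fetched maps script URL -> the bytes currently served for it.
    """
    parser = ScriptCollector()
    parser.feed(page_html)
    findings = {}
    for src, integrity in parser.scripts:
        host = urlparse(src).netloc
        if not host or host == page_host:
            continue  # first-party script, out of scope for this check
        if integrity is None:
            findings[src] = "unpinned"  # a change upstream would run unnoticed
        elif sri_value(fetched[src]) in integrity.split():
            findings[src] = "ok"
        else:
            findings[src] = "changed"   # a browser would refuse to run this
    return findings

# Constructed sample data: a vendor script before and after modification.
ORIGINAL = b"function readAloud(text) { /* speak text */ }\n"
TAMPERED = ORIGINAL + b"/* injected mining loader */\n"
PAGE = f'''<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.vendor.example/reader.js" integrity="{sri_value(ORIGINAL)}" crossorigin="anonymous"></script>
<script src="https://cdn.vendor.example/widget.js"></script>
</head></html>'''
```

Scripts reported as "unpinned" are the ones exposed to the scenario in the article, since the embedding site has no way to notice that the hosted file changed.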
Texthelp said in a statement Sunday that it was investigating the matter and reassured customers that no other products had been affected.
“A security review will be conducted by an independent security consultancy,” said Martin McKay, Texthelp’s data security officer. “The investigation is ongoing, and customers will receive a further update when the security investigation has been completed.”