The Monero cryptocurrency logo is seen in this illustration photo January 8, 2018
The Monero cryptocurrency logo is seen in this illustration photo January 8, 2018

Hackers secretly made UK Government websites force visitors' computers to mine bitcoin alternative monero

As well as being used to earn money for criminals, victims' machines would also slow down as a result

Aatif Sulleyman
Monday 12 February 2018 23:52

Several Government websites have been secretly forcing visitors’ computers to mine bitcoin alternative monero for cyber criminals.

One of the affected sites – that of the Information Commissioner’s Office – was temporarily taken down as a result.

The Student Loans Company’s website was also affected, as were NHS websites, the Pensions Advisory Service, the Financial Ombudsman Service and many more.

Security researcher Scott Helme traced the issue to Browsealoud, software that makes it easier for blind and partially sighted people to use the internet.

It was recently compromised by cyber criminals, who added a cryptojacking script to it.

As a result, everyone who visited a website that ran Browsealoud would secretly have their computer’s processing power used to earn money for cyber criminals, by mining monero.

Texthelp, the company behind Browsealoud, has taken the service down temporarily.

“At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyber attack,” it said.

“The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency. This was a criminal act and a thorough investigation is currently underway.”

It says the exploit “was active for a period of four hours on Sunday”, and adds that no customer data was stolen or lost as a result of the hack.

Cryptojacking incidents, in which people’s devices are quietly hijacked and forced to mine digital currencies for other people, have become increasingly common since bitcoin’s spectacular price rise in 2017.

The trend is likely to continue, as successful attacks can help criminals earn a significant amount of money.

“NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency,” the National Cyber Security Centre said.

“The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”

We’ve teamed up with cryptocurrency trading platform eToro. Click here to get the latest Bitcoin rates and start trading. Cryptocurrencies are a highly volatile unregulated investment product. No EU investor protection. 75% of retail investor accounts lose money when trading CFDs.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments