Thousands of websites around the world, including those belonging to UK and US governments, have been infected with malware that secretly mines cryptocurrencies, researchers revealed.
First discovered by British security researcher Scott Helme, the malware attack is the first of its kind wherein a new breed of hackers have launched a comprehensive campaign to compromise websites into working toward mining cryptocurrencies like bitcoin.
“If you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the 1 website that they all load content from,” Helme said.
As the Register reports, all the affected websites use Browsealoud, a popular plugin that reads out webpages to partially sighted or blind people. The technology behind the plugin, however, was compromised by hackers who tweaked its source code to inject a Monero miner into every webpage offering the plugin.
As a result, any user visiting a website with the embedded plugin ran the hidden mining code on their computer. Over 4,200 websites were compromised. The developer of the compromised plugin said it took the affected version of the plugin offline after it was found to be compromised.
“This was a criminal act and a thorough investigation is currently underway,” the company said in a statement.
The incident has been coming. Researchers have previously warned of new variants of malware that funnel profits to their authors while being completely clandestine. Cryptomining malware, in particular, has “exponentially increased,” wrote researchers at Cisco Talos.
“At a high-level mining is simply using system resources to solve large mathematical calculations which result in some amount of cryptocurrency being awarded to the solvers,” Cisco researchers wrote in a research note.
Thankfully, however, the code was only active for a handful of hours on February 11 before the plugin’s developer disabled the compromised malware.