Mining Malware Tsunami Continues: ‘5000’ High-Profile UK Websites Hit By Tainted Plugin
New cryptocurrency mining malware exploiting software for blind and partially-sighted people has infected “thousands” of website including the UK Government, the Guardian reports Sunday, Feb. 11.
As various media outlets report Monday, malicious script was injected into BrowseAloud, a plugin which assists those with reduced sight in accessing online content. Visitors to sites involved see their processing power used for mining - known colloquially as “cryptojacking.”
Over 5000 websites are now infected, including the UK’s National Health Service (NHS), Student Loans Company and local authority sites.
Commenting on the events, UK watchdog the National Cyber Security Centre (NCSC) said there was “nothing to suggest” consumers were at risk after damage control measures were implemented.
“NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency,” a statement read Feb. 11.
“The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk.”
The news comes amid multiple warnings of similar malware propagation throughout the world, including Monero mining malware infecting Android devices this month.
In January meanwhile, Cointelegraph reported on how third parties had managed to use YouTube to mine cryptocurrency by hijacking Google’s DoubleClick advertising platform.
The NHS was one of the first and hardest-hit victims of 2017’s infamous WannaCry malware attack, which saw hackers demand $300 in bitcoin to unlock computers.