US, UK government websites infected by cryptomining malware

Governments originated from the need to not only govern but also protect citizens, though some will probably dispute how much that still applies today. It is with a bit of irony, then, that some government websites have become unwilling, not to mention unknowing, vehicles to actually harm their own citizens. It has just recently come to light that thousands of websites, including those run by US and UK governments, have become infected by cryptocurrency mining malware, causing anyone who visits those sites to generate money for still unidentified miscreants.

Drive-by cryptocurrency mining has become suddenly popular thanks to the surge of popularity that cryptocurrency like Bitcoin has recently enjoyed. Cryptomining basically involves a compromised website running Javascript code inside a victim's web browser, leveraging the user's computer hardware to mine for Monero coins. The danger of cryptocurrency has become so real and so high that browser makers like Opera have integrated anti-cryptomining right into their software.

In many cases, cryptomining happens when users visit a website specially crafted for that very purpose. In this case, however, victims were visiting government and university websites instead. The infection came through a third-party plugin called Browsealoud, developed by Texthelp to read out pages for visually impaired users. Sadly, still unidentified hackers corrupted that plugin meant to help users in order to make a quick buck.

There are over 4,200 websites that were using this modified version of Browsealoud, many run by governments. Users simply had to visit such a site like uscourts.gov or ico.org.uk to suddenly see their computer's CPU usage spike up while involuntarily making money for someone else. Texthelp has already taken the necessary action to disinfect its popular plugin.

The good news is that many drive-by cryptominers like this one immediately stop working when you close the browser tab or the browser itself. There are, however, a growing number of variants that are able to continue working even after you closed the program. This incident only highlights the need for both browser makers and website administrators to step up their game and nip cryptomining in the bud before it explodes beyond control.