Over the weekend, a little piece of malware was hard at work mining cryptocurrency on government computers. Security researcher Scott Helme first noticed the malware, which he believes was running on more than 4,000 sites, including the U.K.’s Information Commissioner’s Office (ico.org.uk) and the website for the American court system (uscourts.gov).
The malware leveraged the victims’ devices to generate the cryptocurrency Monero by performing complex, CPU-intensive calculations, a mathematical process known as “mining” that’s used to create some cryptocurrencies.
The malicious code injected into the @texthelp BrowserAloud software is tiny, but so powerful. White text is the original code and purple text is the code injected by the attacker: pic.twitter.com/Fm2VCDaPxs
— Scott Helme (@Scott_Helme) February 11, 2018
In order to get the crypto-mining software onto unsuspecting computers, the hack targeted an accessibility plugin called Browsealoud that makes the web easier to use for people with dyslexia or low English comprehension. After compromising Browsealoud, the hackers altered the plugin’s code, injecting malicious JavaScript in order to secretly run the mining software known as Coinhive on unsuspecting machines.
On Sunday, the U.K.’s National Cyber Security Centre issued a statement that it was “examining data involving incidents of malware being used to illegally mine cryptocurrency.”
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
In a report last month, cybersecurity firm CrowdStrike highlighted the rise of cryptocurrency mining, a relatively new flavor of attack.
“In recent months, CrowdStrike has noticed an uptick in cyberattacks focused on cryptocurrency-mining malware that takes advantage of available CPU cycles, without authorization, to make money,” the firm wrote, noting that it “expects to see much more” of this activity moving through 2018.
Still, as Helme points out, things could have been a lot worse. A similar hack could have compromised government credentials or stolen identities instead of mining Monero.
The more I think about this the worse it becomes. Attackers had arbitrary script injection on thousands of sites including many NHS websites here in England. Just stop and think for a few moments about what exactly they could have done with that capability… 😱
— Scott Helme (@Scott_Helme) February 11, 2018
