Hacked Sites Compromised by Cryptominers

More than 4,000 UK websites, including Manchester City Council’s, were infected with a cryptomining code last Sunday.

18:00 18 February 2018

Last Sunday, the website of Manchester City Council was among the 4,000 websites infected with a code that mined the open-source cryptocurrency Monero. The code also affected the websites of the US courts, the Information Commissioner’s Office (ICO) and some NHS bodies.

 

The websites were found to have the Browsealoud plugin that adds speech, reading and translation functionalities intended to help people with visual impairments and not native English speakers. The plugin was compromised and was used to inject Coinhive’s cryptominer on the affected websites.

 

A security expert said that the attack could have been worse. Scott Helme, the security researcher who first flagged the issue, said: "This is probably a result of improper controls put onto the account hosting,"

 

"I think the attackers were trying to be intentionally discreet," he says. The cryptominer was set up to only use 60 per cent of the capability of a computer's processor. If it was at 100 per cent, anyone visiting an infected site would have been left with a frozen device. "I think the fact they haven't gone wild and blown us off the planet is that perhaps they were trying to skate under the radar," Helme adds.