Government websites hijacked by cryptocurrency-mining malware

Over 4,000 websites worldwide were affected by the malware.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins

The Information Commissioner's Office website is still offline.


A security researcher discovered a handful of government websites in the US, UK and Australia had been compromised on Sunday by malware aiming to take control of visitors' computers to mine cryptocurrency.

Researcher Scott Helme reported over 4,000 websites, including the UK Information Commissioner's Office (ICO), the General Medical Council and some NHS websites, were affected by the problem.

Helme traced the issue back to a plugin called Browsealoud, which allows blind and partially sighted people to access the internet. A program called Coinhive, which mines monero -- a rival to bitcoin -- was added to the plugin. Texthelp, the company that makes Browsealoud, released a statement saying the explot was active for a period of four hours on Sunday, and even though it has now been fixed, the plugin will remain offline until Tuesday. A number of websites, including the ICO, also remain offline.

Software that mines cryptocurrency isn't illegal in its own right, but malware that installs such software without the consent of website owners is fraudulent. An investigation to try and uncover the perpetrator is now underway and technical experts are examining data from the incident, said a spokesperson for the National Cyber Security Centre in a statement.

"The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely," said the spokesperson. "At this stage there is nothing to suggest that members of the public are at risk."