Digital cash hack hits public sector sites

Attempts to mine cryptocurrency affects thousands of websites, including several government sites

Hackers were reportedly taking control of users' computers to mine cryptocurrency in a malware attack that has affected thousands of websites.

The Information Commissioner's Office (ICO) took down its website after a warning over the attack, which was highlighted by security researcher Scott Helme.

The ICO said: "We are aware of the issue and are working to resolve it."

Helme claimed more than 4,000 websites, including many government ones such as the ICO, were hit by the attack, but the affected code had now been disabled, the BBC reports.

Alerted by a friend who had received a malware warning when he visited the ICO website, Helme traced the problem to a website plug-in called Browsealoud, which assists blind and partially sighted people accessing the web.

"This type of attack isn't new, but this is the biggest I've seen. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the US," Helme told Sky News.

"Someone just messaged me to say their local government website in Australia is using the software as well."

Texthelp, the company which makes the Browsealoud plug-in, confirmed that the product was affected for four hours by malicious code designed to generate cryptocurrency.

The cryptocurrency involved was Monero - a rival to Bitcoin that is designed to make transactions in it "untraceable" for senders and recipients.

A spokesperson for the National Cyber Security Centre said: "NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency.

"The affected service has been taken offline, largely mitigating the issue. Government websites continue to operate securely.

"At this stage there is nothing to suggest that members of the public are at risk."