Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Denver news in your inbox
Catch up on the most important stories affecting your hometown with Axios Denver
Des Moines news in your inbox
Catch up on the most important stories affecting your hometown with Axios Des Moines
Minneapolis-St. Paul news in your inbox
Catch up on the most important stories affecting your hometown with Axios Twin Cities
Tampa Bay news in your inbox
Catch up on the most important stories affecting your hometown with Axios Tampa Bay
Charlotte news in your inbox
Catch up on the most important stories affecting your hometown with Axios Charlotte
Akos Stiller/Bloomberg via Getty Images
Four thousand websites, including those of the U.S. federal court system, the British National Health system and other government sites, have infected visitors with cryptocurrency mining malware, the U.K. National Cyber Security Centre said Monday.
What actually happened? Hackers embedded the CoinHive malware in a third party component, Texthelp Browsealoud, advertised as adding speech, reading, and translation software to websites "for people with Dyslexia, Low Literacy, English as a Second Language, and those with mild visual impairments."
It's not good, but not the worst: CoinHive forces computers to generate cryptocurrency. It's an intensive process and an invasion of a private space, but not the worst thing the attackers could have done.
- Researcher Scott Helm, who discovered the malware on the sites over the weekend, tweeted:
Minus the jargon, Scott is saying that the attackers could have installed malware that more invasively violated user privacy or used victims to launch even more destructive attacks.