In the UK, the Information Commissioner’s Office and the Student Loan Company have both been affected, with the General Medical Council and NHS Inform also found running the script. In the US, the Indiana Government and the US courts system free cloud bitcoin mining reviews also discovered to be running the crypto jacking script. The mining script comes from Coinhive, a company that claims its product can help you “monetise your site visitors” by sucking their CPU power and using it to mine cryptocurrencies.
The crypto-jacking script isn’t particularly malicious. While it may utilise your computer’s CPU power – and therefore slow your computer down – it won’t capture sensitive information you may have entered on any of the government sites you’ve visited. NCSC technical experts are examining data involving incidents of malware being used to illegally mine cryptocurrency. The affected service has been taken offline, largely mitigating the issue.
Government websites continue to operate securely. At this stage there is nothing to suggest that members of the public are at risk. If you’re worried about becoming a victim of crypto jacking, you can install a content blocker that’ll scramble the script and flag the plugin. No Coin for Firefox, Chrome and Opera are your best bet. Interestingly, Opera comes with crypto jacking protections embedded into both its mobile and desktop iterations.