Some UK websites have been shut down amid warnings that hackers were taking control of visitors’ computers to secretly mine cryptocurrency.

Over 4,000 sites from across the world – including those owned by the UK’s Information Commissioner’s Office (ICO) and the NHS – were taken down yesterday after security researcher Scott Helme raised the alarm.

According to The Register, which broke the news, the affected websites were using Browsecloud, a relatively popular plugin created by Texthelp, which helps the blind and partially sighted navigate the web.

It’s not yet known how the technology was compromised, although reports suggest it was either intercepted by hackers or rogue insiders who altered the plugin’s script. Hackers were then able to add the Monero miner to Browseclod’s proprietary code.

Helme said: “It’s a very lucrative proposal. They infect one website and it infects close to 5,000.

“This was a very serious breach. They could have extracted personal data, stolen information or installed malware. It was only limited by the hackers’ imaginations,” adding that because the malware only runs while users actively visit an infected website, there will not be exposed to further risk.

The hacked script was also found running on the Student Loans Company’s website, that owned by Barnsley Hospital as well as others in the UK and beyond.

Martin McKay, chief technical officer of TextHelp, said in a statement: “In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year and our data security action plan was actioned straight away.”