The crypto-jacking epidemic has spread to India. It has come to light that tons of Indian government sites have been infected with cryptocurrency mining malware, designed to steal visitors’ computing power to earn coins.

Among others, the attackers targeted the websites of the Andhra Pradesh municipality, the Tirupati Municipal Corporation, and the Macherla municipality, the India Times reports.

The malware was first discovered by a group of Guwahati-based security researchers Shakil Ahmed, Anish Sarma and Indrajeet Bhuyan. The group identified that the affected websites were subdomains of the most visited websites in the country.

The government has since confirmed the attack is indeed authentic. As of yesterday, the websites were still actively mining cryptocurrency.

How much cryptocurrency has been mined from these scripts has not yet been disclosed. According to the report, the affected pages were running the popular CoinHive script, built for mining anonymous currency Monero.

Alongside the affected government domains, a further 119 Indian websites have been identified as running the notorious CoinHive script.

The CoinHive script – and other crypto-jacking schemes – work by running a piece of code on certain websites which then uses the computing power of the visitor to that website to mine cryptocurrency. The person browsing that website is most likely unaware that this is going on. This means the user is saddled with an increased electricity bill, while the scammers make off with any mined cryptocurrency.

Indeed, much profit can be earned from this type of crypto-jacking hack. Only a month ago researchers from RWTH Aachen University, Germany, estimated that the CoinHive script running across the world was generating over $250,000 per month in Monero.