Thousands of websites hijacked to mine cryptocurrency

The code in purple is malicioius. Pic Scott Helme

Image The code in purple is malicioius. Pic Scott Helme

HACKERS have secretly installed bitcoin-like mining software on dozens of secure government websites.

In what has been newly termed as 'cryptojacking, ' the Guardian reported that thousands of websites had been infected over the weekend.

It was only a few hours ago when I reported that the United Kingdom government has been hit with cryptocurrency mining malware, but now a bunch of Australian government websites have been compromised.

A list of 4,200-plus affected websites can be found here: they include The City University of NY (cuny.edu), Uncle Sam's court information portal (uscourts.gov), Lund University (lu.se), the UK's Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner's Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other.gov.uk and.gov.au sites, UK NHS services, and other organisations across the globe.

Texthelp told The Register that it had shut down the operation by disabling Browsealoud while its engineering team investigated.

The malicious software came via a plugin called BrowseAloud which helps partially-sighted people access content on the web.

Texthelp for its part, took its websites down and withdrew the plug-in while it worked on a solution to the problem.

Tracking it back, he learnt that it wasn't the website itself that was compromised, but a script file loaded from Texthelp, specifically a tool that allows users to have websites read out to them.

Monero is usually the crypto of choice as it is anonymous and encrypted and, therefore, can not be traced back to the source wallets.

LeBron spoils Pierce's day, leads new-look Cavs to rout of Celtics
Rodney Hood , another new acquisition from the Utah Jazz, came up with 15 points as the Cavaliers improved to 33-22. The Celtics recently signed Greg Monroe, who was waived by the Phoenix Suns, to add some offensive punch up front.

He said: "This type of attack isn't new - but this is the biggest I've seen".

The hack added the Coinhive program to the impacted websites.

The same plugin was found to be the cause of the incursion.

"But there were ways the government sites could have protected themselves from this".

"Government websites continue to operate securely".

"This removed Browsealoud from all our customer sites immediately, addressing the security risk", he said.

Images courtesy of Bitcoinist archives.

Is your antivirus software ready for a mining malware attack?

Latest News