Thousands of public sector websites hacked by cryptocurrency miners

4,200 websites using a new release of an accessibility plug-in were quickly compromised, say researchers – with the vast majority being government ones, including the ICO

Posted 12 February 2018 at 8:51am by

If you visited a government or university website yesterday, the sad truth is that you probably helped hackers make some money off you.

A new version of a third-party plugin called Browsealoud, developed by Texthelp to read pages aloud for visually impaired users, was quickly compromised by a cryptocurrency-mining group, with as many as 4,200 sites, mostly government ones, compromised in both the US and UK.

If you opened a browser and looked at the online presence of uscourts.gov, ico.org.uk or even some NHS sites, your computing power was immediately suborned by the attack, which used injected software to mine the Monero virtual currency, it has been confirmed.

IT news site The Register detailed on Sunday how UK victims included the Student Loans Company, the Financial Ombudsman Service (financial-ombudsman.org.uk), Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk and legislation.qld.gov.au (full list here).

To make matters worse, while the first version of the mining attack stopped once the browser was closed, later versions appear to be able to carry on afterwards.

While the vendor has already taken the necessary action to disinfect its software, the case highlights the need for unwavering cybersecurity vigilance, says the UK-based security consultant who raised the alarm over the weekend and contacted the site, Scott Helme.

On his Twitter feed, Helme shared numerous screenshots of affected sites over the course of Sunday, recommending that the best defence may be a technique called Subresource Integrity, which lets a website pin the expected hash of each third-party script it loads so that the browser refuses to run a copy that has been tampered with.