There was a time when hackers simply defaced websites to get attention, then they commenced hijacking them to spread banking trojan along with ransomware, along with right now the trend has shifted towards injecting scripts into sites to mine cryptocurrencies.
Thousands of government websites around the earth have been found infected which has a specific script in which secretly forces visitors’ computers to mine cryptocurrency for attackers.
The cryptocurrency mining script injection found on over 4,000 websites, including those belonging to UK’s National Health Service (NHS), the Student Loan Company, along with data protection watchdog Information Commissioner’s Office (ICO), Queensland legislation, as well as the US government’s court system.
Users who visited the hacked websites immediately had their computers’ processing power hijacked, also known as cryptojacking, to mine cryptocurrency without their knowledge, potentially generating profits for the unknown hacker or group of hackers.
the idea turns out in which hackers managed to hijack a well-known third-party accessibility plugin called “Browsealoud,” used by all these affected websites, along with injected their cryptocurrency-mining script into its code.
Browsealoud is usually a well-known third-party browser plugin in which helps blind along with partially-sighted users access the web by converting site text to audio.
The script in which was inserted into the compromised Browsealoud software belongs to CoinHive—a browser-based Monero mining service in which offers website administrators to earn revenue by utilizing CPU resources of visitors.
The mining software was found in more than 4,200 websites, including The City University of brand-new York (cuny.edu), Uncle Sam’s court information portal (uscourts.gov), the UK’s Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner’s Office (ico.org.uk) along with the Financial Ombudsman Service (financial-ombudsman.org.uk), UK NHS services, Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, the list goes on.
The full list of affected websites can be found here.
After UK-based infosec consultant Scott Helme raised the alarm about in which hack when one of his friends mentioned getting anti-virus alerts on a UK Government website, BrowseAloud’s operator Texthelp took down its site to resolve the issue.
Here’s what Texthelp’s chief technology officer Martin McKay said in a blog post:
“In light of different recent cyber attacks all over the earth, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away along with was effective, the risk was mitigated for all customers within a period of four hours.”
“Texthelp has in place continuously automated security tests for Browsealoud – these tests detected the modified file, along with as a result, the product was taken offline.”
in which action eventually removed Browsealoud coming from all websites immediately, addressing the security issue without its customers having to take any action.
The company also assured in which “no customer data has been accessed or lost,” along with in which its customers will receive a further update as soon as the security investigation gets completed.