On Sunday, thousands of websites, including UK’s Information Commissioner's Office (ICO) and National Health Service (NHS), and USA’s court information portal, were hacked for several hours with code that caused web browsers to mine digital currency, reported The Register.
In Australia it infected several government sites including the official site of the Victorian parliament, the Administrative Tribunal, and the Queensland legislation website, reported The Guardian. Over 4,200 websites were infected by a malicious version of a very popular browser plug-in, Texthelp’s Browsealoud, which reads out webpages for visually impaired users. A full list of the 4,275 affected sites can be found here.
The tainted version of Browsealoud caused the silent insertion of Coinhive’s Monero miner software to run on computers that visited any of the infected sites to generate digital currency, Monero. It went on for about four hours, generating money for the hackers.
— Scott Helme (@Scott_Helme) February 11, 2018
With prices of cryptocurrency rising, these attacks have become fairly common as cybercriminals are now looking for ways to invade digital marketplaces. Mining malwares affect unsuspecting endpoint computers and infect them to mine new crypto coins.
Earlier this year, Cisco Talos, the threat intelligence group of Cisco, reported how unsuspecting users can be hijacked into mining cryptocurrency and said this could be “leveraged to generate more than $100 million per year.” The report further states that, “Monero, one of the most popular mining targets, saw a 3000% increase over the last 12 months.”
This attack was first spotted by Scott Helme, a UK-based infosec consultant after a friend of his received a warning while visiting UK’s ICO. On his personal website, Helme has documented the entire attack, along with steps to protect your site.
Texthelp temporarily disabled Browsealoud, while trying to solve the problem and the company confirmed that no user data has been stolen or compromised.