UPDATED 21:38 EST / FEBRUARY 11 2018

Government sites in US, UK and Australia found to be serving up cryptomining scripts

Thousands of websites, including those run by government departments in Australia, the United Kingdom and the United States, have been serving up a cryptomining script through a popular plugin used to assist disabled visitors on websites.

First reported by The Register on Sunday, the infection is believed to have been caused by attackers hacking a plugin called Browsealoud, which reads out web pages for blind or partially sighted people. The attackers inserted the code for Coinhive’s Monero miner into the plugin, meaning sites using it were serving up the mining code without realizing it.

The Coinhive cryptocurrency mining code works by injecting JavaScript software into the browser of a visitor to a webpage with the user, unless they have antivirus software installed. While mining for the Monero cryptocurrency, the code also hijacks a victim’s computer processor — causing higher power usage and, at least with some Android versions, potentially even destroying the phone.

The sites were serving the code for at least a few hours on Sunday until Texthelp Ltd., the company behind the plugin, disabled the cryptomining code. Sites known to have been serving up the script include City University of New York, the U.S. court information portal (uscourts.gov), U.K. privacy watchdog the Information Commissioner’s Office, the U.K. Financial Ombudsman Service (financial-ombudsman.org.uk) and various government sites in Australia, including both the Queensland and Victoria parliaments.

The actual infection method for the script injection into the plugin is not known. But security researchers at Sophos noted that the rogue script that was injected into the Browsealoud server includes code that tries to limit the amount of processing power that the cryptomining will steal. That’s presumably in the hope that the code would stay unnoticed for longer.

In terms of what users can do, the same researchers noted that “simply shutting down your browser is enough to kill off any cryptomining scripts that may have been left behind by this attack.” Running antivirus software also assists in detecting the JavaScript injection when it happens.
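For site operators, the kind of tampering described above can be caught by comparing a third-party script with a known-good digest and scanning it for miner markers. The following is an added example, not code from the article, Texthelp or Sophos; the `auditScript` helper, the sample script bodies and the placeholder site key are constructed for illustration.

```javascript
const crypto = require("crypto");

// SHA-384 digest in the "sha384-<base64>" form also used by the SRI integrity attribute.
function digest(body) {
  return "sha384-" + crypto.createHash("sha384").update(body, "utf8").digest("base64");
}

// Undo \xNN and \uNNNN string escapes so simple obfuscation does not hide keywords.
function unescapeJs(src) {
  return src
    .replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .replace(/\\u([0-9a-fA-F]{4})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Compare the script body with the pinned digest and list any miner markers found.
function auditScript(body, pinnedDigest) {
  const text = unescapeJs(body);
  const indicators = [];
  if (/coinhive/i.test(text)) indicators.push("coinhive-reference");
  const m = /throttle\s*:\s*([0-9.]+)/i.exec(text); // CPU-limiting option
  if (m) indicators.push("throttle=" + m[1]);
  return { tampered: digest(body) !== pinnedDigest, indicators };
}

// Constructed samples: a clean plugin body and three altered copies of it.
const CLEAN = "function speak(t){/* reads the page aloud */}\n";
const PINNED = digest(CLEAN); // digest recorded when the script was last reviewed
const PLAIN = CLEAN + "new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER',{throttle:0.6}).start();";
const HEX = CLEAN + "window['\\x43\\x6f\\x69\\x6e\\x48\\x69\\x76\\x65'];";
const OPAQUE = CLEAN + "window[atob('Q29pbkhpdmU=')];"; // keyword hidden in base64

for (const [name, body] of Object.entries({ CLEAN, PLAIN, HEX, OPAQUE })) {
  console.log(name, JSON.stringify(auditScript(body, PINNED)));
}
```

The `OPAQUE` sample shows why the digest comparison is the primary signal: the keyword scan finds nothing, but the changed digest still flags the script.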
