On Sunday thousands of websites including U.S AND U.K government sites were discovered infected with a crypto mining malware.
According to reports 4,275 websites were injected with Coinhive’s Monero miner which includes government websites from numerous countries such as Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, uscourts.gov, gmc-uk.gov and many more.
Security researcher Scott Helme who first spotted it said that Coinhive miner was injected to the website through an accessibility script called BrowseAloud by TextHelp.com.
BrowseAloud is a popular plugin which reads out web pages for people with vision problems.
Helme said that BrowseAloud was compromised and the script contains a malicious code which injects Coinhive miner into every websites.
TextHelp was informed about the issue, and the compromised script was taken down.
The company also said that it has started an investigation on this issue and the Browsealoud service will be disabled until the investigation is over.
Texthelp also confirms that no data of customers has been accessed or stolen. The BrowseAloud service was only affected, and other Texthelp products were not impacted by the compromise.
“Texthelp can report that this attacker did not attempt to extort or ransom money from Texthelp or Texthelp customers. The company has examined the affected file thoroughly and can confirm that no customer data has been accessed or lost. The file used the computer’s CPUs to attempt to generate cryptocurrency. The exploit was active for a period of four hours on Sunday.”
You may be interested in reading: RubyMiner Malware found Targeting outdated Linux and Windows Servers