Thousand of Government Websites Discovered Infected with Crypto Mining Malware

On Sunday thousands of websites including U.S AND U.K government sites were discovered infected with a crypto mining malware.

According to reports 4,275 websites were injected with Coinhive’s Monero miner which includes government websites from numerous countries such as Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, uscourts.gov, gmc-uk.gov and many more.

Security researcher Scott Helme who first spotted it said that Coinhive miner was injected to the website through an accessibility script called BrowseAloud by TextHelp.com.

crypto mining malware

crypto mining malware

BrowseAloud is a popular plugin which reads out web pages for people with vision problems.

Helme said that BrowseAloud was compromised and the script contains a malicious code which injects Coinhive miner into every websites.

Read more on: More than 500,000 Computers infected with Smominru Monero Mining Botnet

TextHelp was informed about the issue, and the compromised script was taken down.

The company also said that it has started an investigation on this issue and the Browsealoud service will be disabled until the investigation is over.

“At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyber attack.  The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency.” said in the post published by TextHelp in response to the issue.

Texthelp also confirms that no data of customers has been accessed or stolen. The BrowseAloud service was only affected, and other Texthelp products were not impacted by the compromise.

“Texthelp can report that this attacker did not attempt to extort or ransom money from Texthelp or Texthelp customers. The company has examined the affected file thoroughly and can confirm that no customer data has been accessed or lost.  The file used the computer’s CPUs to attempt to generate cryptocurrency.  The exploit was active for a period of four hours on Sunday.”

You may be interested in reading: RubyMiner Malware found Targeting outdated Linux and Windows Servers

Comments

You May Also Like