UPDATED 21:38 EST / FEBRUARY 11 2018

INFRA

Government sites in US, UK and Australia found to be serving up cryptomining scripts

Thousand of websites, including those run by government departments in Australia, the United Kingdom and the United States, have been serving up cryptomining script through a popular plugin used to assist disabled visitors on websites.

First reported by The Register Sunday, the infection is believed to have been caused by attackers hacking a plugin called Browsealoud, which reads out web pages for blind or partially sighted people. It inserts the code for Coinhive’s Monero miner into it, meaning sites using the plugin were serving up the mining code without realizing it.

The Coinhive cryptocurrency mining code works by injecting JavaScript software into the browser of a visitor to a webpage with the user, unless they have antivirus software installed. While mining for the Monero cryptocurrency, the code also hijacks a victim’s computer processor — causing higher power usage and, at least with some Android versions, potentially even destroying the phone.

The sites were serving the code for at least a few hours on Sunday until Texthelp Ltd., the company behind the plugin, disabled the cryptomining code. Sites known to have been serving up the script include City University of New York, the U.S. court information portal (uscourts.gov), U.K. privacy watchdog The Information Commissioner’s Office, The U.K. Financial Ombudsman Service (financial-ombudsman.org.uk) and various government sites in Australia, including both the Queensland and Victoria parliaments.

The actual infection method for the script injection into the plugin is not known. But security researchers at Sophos noted that the rogue script that was injected into the Browsealoud server includes code that tries to limit the amount of processing power that the cryptomining will steal. That’s presumably in the hope that the code would stay unnoticed for longer.

In terms of what users can do, the same researchers noted that “simply shutting down your browser is enough to kill off any cryptomining scripts that may have been left behind by this attack.” Running antivirus software also assists in detecting the JavaScript injection when it happens.

Image: Maxpixel

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU