UPDATED 21:38 EDT / FEBRUARY 11 2018

Government sites in US, UK and Australia found to be serving up cryptomining scripts

Thousands of websites, including those run by government departments in Australia, the United Kingdom and the United States, have been serving up a cryptomining script through a popular plugin used to assist disabled visitors on websites.

First reported by The Register Sunday, the infection is believed to have been caused by attackers hacking a plugin called Browsealoud, which reads out web pages for blind or partially sighted people. The attackers inserted the code for Coinhive’s Monero miner into the plugin, meaning sites using it were serving up the mining code without realizing it.

The Coinhive cryptocurrency mining code works by injecting JavaScript into the browser of a visitor to a webpage, unless the visitor has antivirus software installed. While mining for the Monero cryptocurrency, the code also hijacks a victim’s computer processor, causing higher power usage and, at least with some Android versions, potentially even destroying the phone.

The sites were serving the code for at least a few hours on Sunday until Texthelp Ltd., the company behind the plugin, disabled the cryptomining code. Sites known to have been serving up the script include the City University of New York, the U.S. court information portal (uscourts.gov), U.K. privacy watchdog the Information Commissioner’s Office, the U.K. Financial Ombudsman Service (financial-ombudsman.org.uk) and various government sites in Australia, including both the Queensland and Victoria parliaments.

The actual infection method for the script injection into the plugin is not known. But security researchers at Sophos noted that the rogue script that was injected into the Browsealoud server includes code that tries to limit the amount of processing power that the cryptomining will steal. That’s presumably in the hope that the code would stay unnoticed for longer.

In terms of what users can do, the same researchers noted that “simply shutting down your browser is enough to kill off any cryptomining scripts that may have been left behind by this attack.” Running antivirus software also assists in detecting the JavaScript injection when it happens.
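For site operators, the failure described above is that a script hosted by a third party changed and every embedding page served the new version. The following added example (not from the article, Texthelp or Sophos) goes beyond the article to show a hash-pinning check modeled on the browser's Subresource Integrity mechanism, run here in Node.js. The function names, the sample script bodies and the fail-closed behaviour on empty metadata are assumptions made for the illustration.

```javascript
// Added example: verify a third-party script against pinned integrity metadata,
// modeled on what a browser does for <script integrity="...">.
const nodeCrypto = require("crypto");

// Hash algorithms accepted in integrity metadata, weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];

// Build a token such as "sha384-<base64 digest>" for a reviewed copy.
function sriToken(body, alg = "sha384") {
  return alg + "-" + nodeCrypto.createHash(alg).update(body).digest("base64");
}

// Parse an integrity attribute: whitespace-separated tokens, unknown ones ignored.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=_-]+)(\?.*)?$/.exec(tok);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// True only if the body matches a digest of the strongest algorithm listed.
function verifyScript(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return false; // assumption: this checker fails closed
  const best = entries.reduce((a, e) =>
    STRENGTH.indexOf(e.alg) > STRENGTH.indexOf(a.alg) ? e : a).alg;
  const actual = nodeCrypto.createHash(best).update(body).digest();
  return entries
    .filter((e) => e.alg === best)
    .some((e) => Buffer.from(e.digest, "base64").equals(actual));
}

// Constructed sample: the copy the site reviewed, and the same file after a
// line was appended on the vendor's server.
const reviewed = Buffer.from("function readAloud(text) { /* plugin code */ }\n");
const tampered = Buffer.concat([reviewed, Buffer.from("loadMiner();\n")]);
const pinned = sriToken(reviewed);

console.log("reviewed copy accepted:", verifyScript(reviewed, pinned));
console.log("modified copy accepted:", verifyScript(tampered, pinned));
```

A pinned hash only works for a script whose bytes stay fixed between reviews, so the pin has to be updated whenever the vendor ships a legitimate new version.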

Image: Maxpixel
