A website plugin popular with US, UK, and Australian government sites was hacked, hijacking the browser of anyone who visited the affected sites to run malicious mining code to the benefit of the hackers responsible.
“Mining” refers to the use of processing resources (like your computer’s CPU) to contribute to the work of verifying a cryptocurrency blockchain in return for a small amount of the currency in question. Taking partial control of an unsuspecting websurfer’s CPU with browser-based attacks to mine cryptocurrency can be very profitable if the scale of the attack is large enough. Over 4,200 websites were affected (a full list is available here), including some of the world’s largest public sector organizations such as the US Federal Court, the UK’s National Health Service, the City University of New York, the State of Indiana and the City of Manchester.
Browsealoud, the compromised plugin made by British developer Texthelp, is an accessibility tool for the blind and visually impaired that reads website content aloud. The hack inserted an exploit into Browsealoud’s source code, causing any browser that visited a Browsealoud-enabled site to start mining Monero, a cryptocurrency currently trading at $243.68 per unit, and forward the profits on to parties unknown. The malicious code only ran while visiting an infected site, and stopped when the user navigated away from the site or closed the browser window. There do not appear to be any lasting effects from visiting an infected site, and most anti-malware and antivirus programs blocked the mining code by default.
Monero has significant structural differences from other distributed-ledger, blockchain-based cryptocurrencies like Bitcoin, designed to make it more anonymous and less transparent, which in turn makes it more attractive to bad actors.
“In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year and our data security action plan was actioned straight away,” said Texthelp's chief technology officer Martin McKay in a statement on their website.
The company added that "no customer data has been accessed or lost," and "customers will receive a further update when the security investigation has been completed."