Thousands of websites, including those of the US and UK governments, have been attacked by crypto-mining malware. Through a compromised plugin, the websites were secretly hijacked to mine cryptocurrency.
In recent months, there has been a surge in cyber attacks in which hackers use software that forces the infected computer to mine cryptocurrency on their behalf. On Sunday, the cryptojacking software was inserted into websites’ code through BrowseAloud, a popular plugin that helps blind and partially sighted people access the internet by converting website text to audio.
Coinhive, software known to secretly use the processing power of a user’s computer to mine the open-source cryptocurrency Monero, was injected into the BrowseAloud plugin, which resulted in the hijacking of more than 5000 websites.
Today the crypto-mining malware also hit Australian government websites as part of the worldwide security breach. The malware hit the official websites of the Victorian parliament, the Queensland Civil and Administrative Tribunal, and the Queensland Ombudsman, as well as the Queensland Community Legal Centre homepage and the Queensland legislation website, which lists all of the state’s acts and bills.
Texthelp, the software company that operates the BrowseAloud plugin, took its website down on Sunday and has since taken the plugin offline so that new visitors to affected sites would not load the cryptojacking script.
Such attacks are not new, but this is one of the biggest we have seen. It is quite shocking that the government websites didn’t have the relevant defense mechanisms in place to fight such crypto-mining malware.