Government websites hijacked by cryptomining plugin

Government websites hijacked by cryptomining plugin

Scott Helme, the security researcher who first spotted the hack, said of the attack: 'It means unsuspecting visitors to those websites have their devices - whether it be a phone, tablet or computer - also hacked. "The sheer number of sites affected by this is huge and some of them are really prominent government websites!"

It was only a few hours ago when I reported that the United Kingdom government has been hit with cryptocurrency mining malware, but now a bunch of Australian government websites have been compromised. The sites of UK's own data protection watchdog and UK's National Health Service were supposedly hit along with other websites.

The makers of Browsealoud, Texthelp, confirmed that hackers inserted a script known as Coinhive into their software.

According to a report on The Register, the parties behind this hack targeted websites that use a plug-in called Browsealoud, which reads webpages out aloud for people whose sight is impaired. Coinhive, which takes a 30 per cent cut of anything mined using unmodified versions of its plugin, officially discourages embedding their miner in websites without informing users up front that it may take a (sometimes significant) slice of their computers' processing power.

He explained on his blog that it's far easier for hackers to compromise a plug-in used by lots of sites, than to attack them all directly. If a 3rd party script is being used and is commonly modified, then you will need to make sure to update your SRI hashes for each new update. He said he learned about the compromised JavaScript file on Sunday morning.

There were ways the government sites could have protected themselves from this. It said it is investigating the incident. "It may have been hard for a small website, but I would have thought on a government website we should have expected these defence mechanisms to be in place".

In December The Guardian reported that almost 1 billion visitors to the video sites Openload, Streamango, Rapidvideo and OnlineVideoConverter were also being crypto-jacked.

The company added that no customer data has been accessed or lost, and that the exploit was active for a period of four hours.

"The affected service has been taken offline, largely mitigating the issue".

The office of the Queensland Parliamentary Council, which operates the Queensland legislation website, and the Victorian parliament have been contacted for comment.

Related:

Comments