Latin America

At least 4,200 websites had cryptominer active through hacked plugin

Victor Barreiro Jr.
Affected websites include US and UK government websites, along with some university websites such as that of the City University of New York (CUNY)

MANILA, Philippines – At least 4,200 websites were affected by cryptocurrency mining software on Sunday, February 11, after a browser plugin used on those sites was apparently hacked to generate cryptocurrency for the hacker.

The hacked plugin, TextHelp’s Browsealoud, reads websites aloud for users with partial or total blindness. The affected websites included US and UK government websites, along with the National Health Service (NHS), and some university websites such as that of the City University of New York (CUNY). 

According to TextHelp’s ongoing investigation, a Javascript file that was part of Browsealoud was compromised in a cyberattack.

While the hack, TextHelp said, did not affect customer data, the plugin was readily mining cryptocurrency across the affected sites, which included TextHelp’s own website, for around 4 hours. 

{source}

<blockquote class=”twitter-tweet” data-lang=”en”><p lang=”en” dir=”ltr”>Hey <a href=”https://twitter.com/texthelp?ref_src=twsrc%5Etfw”>@texthelp</a> you&#39;ve been compromised, you need to address this ASAP. Their site also has the crypto miner running: <a href=”https://t.co/fl0U9ssZRr”>pic.twitter.com/fl0U9ssZRr</a></p>&mdash; Scott Helme (@Scott_Helme) <a href=”https://twitter.com/Scott_Helme/status/962691692951474176?ref_src=twsrc%5Etfw”>February 11, 2018</a></blockquote>
<script async src=”https://platform.twitter.com/widgets.js” charset=”utf-8″></script>

{/source}

The Register added the affected sites were mining the Monero cryptocurrency.

TextHelp said they would keep Browsealoud offline till Tuesday, 12:00 GMT. They also said no other TextHelp products were affected. 

Martin McKay, Chief Technology Officer and Data Security Officer for TextHelp added, “A security review will be conducted by an independent security consultancy. The investigation is ongoing, and customers will receive a further update when the security investigated has been completed.” – Rappler.com