At least 4,200 websites had cryptominer active through hacked plugin

MANILA, Philippines – At least 4,200 websites were affected by cryptocurrency mining software on Sunday, February 11, after a browser plugin used on those sites was apparently hacked to generate cryptocurrency for the hacker.

The hacked plugin, TextHelp's Browsealoud, reads websites aloud for users with partial or total blindness. The affected websites included US and UK government websites, along with the National Health Service (NHS), and some university websites such as that of the City University of New York (CUNY). 

According to TextHelp's ongoing investigation, a Javascript file that was part of Browsealoud was compromised in a cyberattack.

While the hack, TextHelp said, did not affect customer data, the plugin was readily mining cryptocurrency across the affected sites, which included TextHelp's own website, for around 4 hours. 

Hey @texthelp you've been compromised, you need to address this ASAP. Their site also has the crypto miner running: — Scott Helme (@Scott_Helme) February 11, 2018

The Register added the affected sites were mining the Monero cryptocurrency.

TextHelp said they would keep Browsealoud offline till Tuesday, 12:00 GMT. They also said no other TextHelp products were affected. 

Martin McKay, Chief Technology Officer and Data Security Officer for TextHelp added, “A security review will be conducted by an independent security consultancy. The investigation is ongoing, and customers will receive a further update when the security investigated has been completed." –

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.