At least 4,200 websites had cryptominer active through hacked plugin
MANILA, Philippines – At least 4,200 websites were affected by cryptocurrency mining software on Sunday, February 11, after a browser plugin used on those sites was apparently hacked to generate cryptocurrency for the hacker.
The hacked plugin, TextHelp's Browsealoud, reads websites aloud for users with partial or total blindness. The affected websites included US and UK government websites, along with the National Health Service (NHS), and some university websites such as that of the City University of New York (CUNY).
While the hack, TextHelp said, did not affect customer data, the plugin was readily mining cryptocurrency across the affected sites, which included TextHelp's own website, for around 4 hours.
The Register added the affected sites were mining the Monero cryptocurrency.
TextHelp said they would keep Browsealoud offline till Tuesday, 12:00 GMT. They also said no other TextHelp products were affected.
Martin McKay, Chief Technology Officer and Data Security Officer for TextHelp added, “A security review will be conducted by an independent security consultancy. The investigation is ongoing, and customers will receive a further update when the security investigated has been completed." – Rappler.com
In these changing times, courage and clarity become even more important.
Take discussions to the next level with Rappler PLUS — your platform for deeper insights, closer collaboration, and meaningful action.
Sign up today and access exclusive content, events, and workshops curated especially for those who crave clarity and collaboration in an intelligent, action-oriented community.
As a bonus, we’re also giving a free 1-year Booky Prime membership for the next 200 subscribers.
You can also support Rappler without a PLUS membership. Help us stay free and independent by making a donation: https://www.rappler.com/crowdfunding. Every contribution counts.