UK and US Government websites hijacked with Cryptomining software after plugin compromise

For several hours yesterday, the popular plugin Browsealoud (Browse Aloud) was compromised with the Coinhive Monero cryptocurrency mining tool, causing the miner to be served from over 4,000 websites without their owners' knowledge, with UK, US and Irish Government websites among those affected.

Browsealoud is a popular plugin that reads web pages aloud to help those with dyslexia or partial blindness, a tool created by the UK-based company Texthelp. Websites affected by this compromised version of Browsealoud include the UK's Student Loans Company, the Financial Ombudsman's Office, the Information Commissioner's Office and a boatload of NHS services and organisations.

Thankfully the miner was confined to the Browsealoud script itself and did not spread any further. After around five hours the modified file was spotted by Texthelp's automated security testing suite and the plugin was pulled, leaving the affected websites clean. The Browsealoud plugin will remain offline until an independent security review has been completed.

Visitors' browsers mined Monero only for as long as they stayed on an affected site, and no personal information was accessible as a result of the malicious miner's presence. Below is a comment from Texthelp's security officer Martin McKay:

     Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result, the product was taken offline.

     This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.

     Texthelp can report that no customer data has been accessed or lost.
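The detection Texthelp describes, a continuous check that notices when a served script no longer matches the file the vendor published, is straightforward to reproduce. The example below is added here and is not Texthelp's code or the article's: it pins a SHA-256 digest of a known-good copy of a plugin script, flags any served copy whose digest differs, and emits the same digest as a Subresource Integrity value that a site embedding a third-party script can place on its script tag so the browser refuses a modified file. The script contents and the CDN URL are constructed samples.

```python
import base64
import hashlib

# Constructed sample of the plugin script as recorded when it was first
# embedded (hypothetical content, not the real Browsealoud code).
BASELINE_SCRIPT = b"/* plugin v1 */ window.plugin = { speak: function (t) {} };\n"

# Constructed sample of a tampered copy: the same code with a loader appended,
# which is the shape of change an integrity check must catch.
TAMPERED_SCRIPT = BASELINE_SCRIPT + b"(function () { /* injected loader */ })();\n"


def sri_integrity(data: bytes) -> str:
    """Return the Subresource Integrity value for data ("sha256-" + base64 digest)."""
    digest = hashlib.sha256(data).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


def script_tag(src: str, data: bytes) -> str:
    """Build a <script> tag that pins data's digest so the browser rejects any
    other content served from src (crossorigin is required for SRI on CDN hosts)."""
    return f'<script src="{src}" integrity="{sri_integrity(data)}" crossorigin="anonymous"></script>'


def check_script(served: bytes, pinned: str) -> dict:
    """Compare a fetched copy of the script against the pinned digest.

    changed is True when the served bytes differ from the baseline, which is
    the condition a continuous integrity test alerts on.
    """
    actual = sri_integrity(served)
    return {"changed": actual != pinned, "expected": pinned, "actual": actual}


def monitor(served: bytes, pinned: str) -> str:
    """One poll of a monitoring job: return the action to take."""
    report = check_script(served, pinned)
    if report["changed"]:
        # Same response the vendor describes above: pull the script pending review.
        return "ALERT: script digest changed, take the plugin offline for review"
    return "OK: script matches pinned digest"


if __name__ == "__main__":
    pinned = sri_integrity(BASELINE_SCRIPT)
    print(script_tag("https://cdn.example.com/plugin.js", BASELINE_SCRIPT))
    print(monitor(BASELINE_SCRIPT, pinned))
    print(monitor(TAMPERED_SCRIPT, pinned))
```

With the integrity attribute in place, a site that embeds the script would have failed to load the modified copy rather than running the miner, independently of how quickly the vendor noticed.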

Over 4,200 websites were affected by this compromised version of Browsealoud, with a list of affected sites available to view here. The list includes US, UK, Australian and Irish Government websites, as well as the websites of several companies and other services.

You can join the discussion on UK and US government websites being temporarily infected with cryptocurrency mining code on the OC3D Forums.