Australian government also hit with crypto mining malware

Adjust Comment Print

He tweeted: "I have a list of over domains affected so far".

Security researcher Scott Helme discovered the hack when a pal mentioned getting antivirus alerts on a UK Government website.

According to the Register, all of the afflicted websites ran British tech company Texthelp's Browsealoud plugin, which reads out websites for people with visual impairments like full or partial blindness or conditions like dyslexia.

The software - known as "Coinhive" - will run in the background until the webpage is closed. Offloading those costs to random web users by injecting miners into other peoples' websites, an attack called cryptojacking, has quickly become widespread and prior attacks are estimated to have generated hundreds of thousands in profits for hackers.

Texthelp, the company that provides Browsealoud, has confirmed that the compromised plugin has been taken offline.

Koreas share historic handshake at Olympic opening ceremony
It marked the first time in eight and a half years that a ranking DPRK delegation visited South Korea's presidential complex. The games are seen as a pivotal moment for relations between the two countries, who have been officially at war since 1950.

Britain's National Cyber Security Centre said the issue was being investigated, and there was nothing to suggest the public was at risk.

"If you want to load a crypto miner on 1000+ websites you don't attack 1000+ websites, you attack the 1 website that they all load content from", Helme said. "There are easy ways to make sure they don't do that".

"The exploit was active for a period of four hours on Sunday". "The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers CPUs [central processing unit] to attempt to generate cryptocurrency". "The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12.00pm GMT". "Seems to have hit other government sites too including the U.S. and Australia".

The office of the Queensland Parliamentary Council, which operates the Queensland legislation website, and the Victorian parliament have been contacted for comment.