More than 4000 sites were briefly made into cryptocurrency miners after a popular website plugin was hacked. More worryingly, several of the affected sites were actually owned by the US and UK governments.
The United Kingdom’s Information Commissioner’s Office (ICO) – a crown-appointed commission for handling data privacy – and the Student Loans Company were the main victims of the attack in Europe, while the United States Courts and several university bodies suffered the same fate across the pond.
The problem was discovered by a security researcher, Scott Helme, who managed to trace the hack to an affected website plug-in called Browsealoud, a tool that helps blind and partially sighted people navigate the web. The plug-in’s maker, Texthelp, confirmed the incident and said that it was affected for about four hours before being taken down.
Hackers had configured the plug-in to install Coinhive, a program designed to mine for Monero using the visitor’s CPU. Monero has proven to be particularly popular with cybercriminals of late, with multiple similar attacks looking to generate the cryptocurrency.
Coinhive itself isn’t malicious; the script was created to provide an alternative source of income for sites that were lacking in advertisements and in need of a method to make ends meet.
Such was the case with the Pirate Bay. Last September, we reported that the torrent site briefly implemented the script for 24 hours, stating that it was testing out the potential feature. While some visitors to the site were okay with it, many clearly didn’t like the idea of having their CPUs used like that.
Moving forward, Texthelp has already disabled the affected code, and visitors to the sites are no longer at risk. A full list of affected websites is available at ‘publicwww’.