Government websites fall prey to a plugin injected with a digital coin miner

Thousands of websites relying on the Browsealoud plugin developed by U.K.-based Texthelp recently fell prey to a hack that secretly ran a cryptocurrency mining script in the background of visiting PCs. Websites use this specific plugin for visually impaired visitors so they can hear content, but on Sunday, February 11, someone managed to alter the plugin’s code to run Coinhive’s controversial JavaScript-based Monero digital currency miner. 

Because it’s based on JavaScript, administrators can easily insert Coinhive’s miner into a webpage. It runs in the background while visitors browse the website, silently mining digital coins using their PC’s processor. The CPU use can be extremely apparent if you know what’s going on; otherwise, the average web surfer may simply shrug off the slow performance as typical Windows or web-based processes slowing down the machine. The mining stops once web surfers leave the offending page. 

The altered Browsealoud plugin began mining Monero Sunday morning on more than 4,200 websites spanning the globe, including governments, organizations, and schools. Among them were the State of Indiana, the U.S. court information portal, the City University of New York, the U.K.’s National Health Service, the U.K.’s Student Loans Company, and many more. 

Most websites typically rely on plugins to pull content and tools from third-party developers. These can include translators, shopping baskets and ecommerce, menus, and so on. But the discovery of Coinhive’s miner in Browsealoud points to the possibility that if a hacker could gain access to one plugin for malicious purposes, thousands of websites could suffer. 

Plugin content typically resides on a remote server and is sent to the target web page using a secure connection. The problem is that the secure connection authenticates only the server, not the content it delivers. Thus, someone with access to the content could easily inject malicious code, and the websites using the plugin would serve up the malicious content even though the server registers as secure. 

One method to fix this problem is called Subresource Integrity. It comprises two HTML elements with an “integrity” attribute that relies on a cryptographic hash. If the hash value the website expects doesn’t match the hash of the content actually delivered, then the website can catch and block the malicious code. Unfortunately, this isn’t a widely used technique, but the recent issue with Browsealoud may convince more websites to utilize the Subresource Integrity method. 
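The hash comparison described above can be reproduced in Node.js. This is an added example, not code from the article or from Texthelp; the plugin URL, the file contents and the function names are constructed for illustration.

```javascript
const crypto = require("crypto");

// Hash algorithms SRI accepts, ordered weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];

// Value a site pins in the integrity attribute: "<algo>-<base64 digest>".
function sriValue(body, algo = "sha384") {
  return `${algo}-${crypto.createHash(algo).update(body).digest("base64")}`;
}

// Browser-style check: ignore unknown tokens, keep only the strongest
// algorithm present, and accept the body if any of those digests matches.
function matchesIntegrity(body, integrity) {
  const parsed = integrity.trim().split(/\s+/).map((tok) => {
    const dash = tok.indexOf("-");
    return { algo: tok.slice(0, dash), digest: tok.slice(dash + 1).split("?")[0] };
  }).filter((p) => STRENGTH.includes(p.algo));
  if (parsed.length === 0) return true; // no usable metadata: nothing is enforced
  const best = parsed.map((p) => p.algo)
    .sort((a, b) => STRENGTH.indexOf(b) - STRENGTH.indexOf(a))[0];
  const actual = crypto.createHash(best).update(body).digest("base64");
  return parsed.some((p) => p.algo === best && p.digest === actual);
}

// Constructed sample files (not the real plugin).
const reviewed = "function speak(text) { /* read page text aloud */ }\n";
const tampered = reviewed + "startMiner(); /* line added on the plugin host */\n";

// Constructed tag for a placeholder URL; crossorigin is needed for cross-origin SRI checks.
const pinned = sriValue(reviewed);
const scriptTag = `<script src="https://plugin.example/reader.js" ` +
  `integrity="${pinned}" crossorigin="anonymous"></script>`;

function loadDecision(body, integrity) {
  return matchesIntegrity(body, integrity) ? "executed" : "blocked";
}

console.log(scriptTag);
console.log("reviewed file:", loadDecision(reviewed, pinned));
console.log("tampered file:", loadDecision(tampered, pinned));
console.log("tampered file, no integrity attribute:", loadDecision(tampered, ""));
```

The last line shows the gap the article describes: a page that omits the attribute runs whatever the plugin host serves. Pinning a hash also means the site must update it whenever the vendor ships a legitimate new version of the file.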

Coinhive’s miner was reportedly only active in the Browsealoud plugin for a few hours before Texthelp pulled the plug. And although the outcome was apparently only to generate digital coin, the company still considers the hack a criminal act. 

“Texthelp has in place continuous automated security tests for Browsealoud — these tests detected the modified file and as a result, the product was taken offline,” Texthelp Chief Technical Officer Martin McKay said in a statement. “This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.” 

Texthelp is currently working with the National Crime Agency and the National Cyber Security Agency to hunt down the hacker(s). 

Kevin Parrish
Former Digital Trends Contributor