Skip to main content

Government websites fall prey to a plugin injected with a digital coin miner

Thousands of websites relying on the Browsealoud plugin developed by U.K.-based Texthelp recently fell prey to a hack that secretly ran a cryptocurrency mining script in the background of visiting PCs. Websites use this specific plugin for visually impaired visitors so they can hear content, but on Sunday, February 11, someone managed to alter the plugin’s code to run Coinhive’s controversial JavaScript-based Monero digital currency miner. 

Because it’s based on JavaScript, administrators can easily insert Coinhive’s miner into a webpage. It runs in the background while visitors browse the website, silently mining digital coins using their PC’s processor. The CPU use can be extremely apparent if you know what’s going on, otherwise, the average web surfer may simply shrug off the slow performance as typical Windows or web-based processes slowing down the machine. The mining stops once web surfers leave the offending page. 

Recommended Videos

The altered Browsealoud plugin began mining Monero Sunday morning on more than 4,200 websites spanning the globe, including governments, organizations, and schools. Among them was the State of Indiana, the U.S. court information portal, the City University of New York, the U.K.’s National Health Service, the U.K.’s Student Loans Company, and many more. 

Most websites typically rely on plugins to pull content and tools from third-party developers. These can include translators, shopping baskets and ecommerce, menus, and so on. But the discovery of Coinhive’s miner in Browsealoud points to the possibility that if a hacker could gain access to one plugin for malicious purposes, thousands of websites could suffer. 

Plugin content typically resides on a remote server and sent to the target web page using a secure connection. The problem is that there is no real system to authenticate the actual content. Thus, someone with access to the content could easily inject malicious code, and the resulting websites using the plugin would serve up the malicious content despite registering the server as secure. 

One method to fix this problem is called Subresource Integrity. It comprises of two HTML elements with an “integrity” attribute that relies on a cryptographic hash. If the number provided to the website doesn’t match the number associated by the content, then the website can catch and block the malicious code. Unfortunately, this isn’t a widely used technique, but the recent issue with Browsealoud may convince more websites to utilize the Subresource Integrity method. 

Coinhive’s miner was reportedly only active in the Browsealoud plugin for a few hours before Texthelp pulled the plug. And although the outcome was apparently only to generate digital coin, the company still considers the hack as a criminal act. 

“Texthelp has in place continuous automated security tests for Browsealoud — these tests detected the modified file and as a result, the product was taken offline,” Texthelp Chief Technical Officer Martin McKay said in a statement. “This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.” 

Texthelp is currently working with the National Crime Agency and the National Cyber Security Agency to hunt down the hacker(s). 

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Don’t miss this chance to buy a MacBook Air at $200 off
The MacBook Air on a table in front of a window.

For those who have always wanted to get one of Apple's MacBooks but can't stomach the price tag, here's your chance to buy one for a relatively affordable price. Best Buy has slashed the price of the 13-inch Apple MacBook Air M3 to only $699, for savings of $200 on its sticker price of $899. You need to act fast though, as there's always high demand for MacBook deals. The stocks that are up for sale may already be gone as soon as tomorrow.

Why you should buy the 13-inch Apple MacBook Air M3

Read more
This HP Chromebook is under half-price today — just $190
The HP Chromebook 14 laptop on a white background.

You should turn your attention towards Chromebook deals if you want to buy a new laptop on a tight budget, and we've found an offer that you won't want to miss. From its original price of $410, the HP Chromebook 14 is down to just $190 for savings of $220 from Walmart. You won't always have the chance to get this device for less than half-price though -- in fact, the opportunity may be gone as soon as tomorrow. If you want to take advantage of the discount, you need to buy the Chromebook right now.

Why you should buy the HP Chromebook 14

Read more
Avast’s most complete antivirus plan is 70% off right now
Couple making selfie inside car with open window.

Avast has been popping off with incredible deals this month. The antivirus company recently offered 70% off its Premium tier of virus protection. For the next 30 days, Avast is extending that offer to its Ultimate tier of protection. That means you can protect one device with Avast Ultimate for $33 for a year, down from its usual $110. If you want to cover 10 devices, you'll only pay $42 instead of $140.

Let's dive into what Avast Ultimate offers and why you might want it over the free tier or the Premium plan. This deal is live now, and will stick around for the next four weeks.

Read more