Government websites fall prey to a plugin injected with a digital coin miner

Thousands of websites relying on the Browsealoud plugin developed by U.K.-based Texthelp recently fell prey to a hack that secretly ran a cryptocurrency mining script in the background of visiting PCs. Websites use this specific plugin for visually impaired visitors so they can hear content, but on Sunday, February 11, someone managed to alter the plugin’s code to run Coinhive’s controversial JavaScript-based Monero digital currency miner. 

Because it’s based on JavaScript, administrators can easily insert Coinhive’s miner into a webpage. It runs in the background while visitors browse the website, silently mining digital coins using their PC’s processor. The CPU use can be extremely apparent if you know what’s going on. Otherwise, the average web surfer may simply shrug off the slow performance as typical Windows or web-based processes slowing down the machine. The mining stops once web surfers leave the offending page.

The altered Browsealoud plugin began mining Monero Sunday morning on more than 4,200 websites spanning the globe, including governments, organizations, and schools. Among them were the State of Indiana, the U.S. court information portal, the City University of New York, the U.K.’s National Health Service, the U.K.’s Student Loans Company, and many more.

Most websites typically rely on plugins to pull content and tools from third-party developers. These can include translators, shopping baskets and ecommerce, menus, and so on. But the discovery of Coinhive’s miner in Browsealoud points to the possibility that if a hacker could gain access to one plugin for malicious purposes, thousands of websites could suffer. 

Plugin content typically resides on a remote server and is sent to the target web page over a secure connection. The problem is that there is no real system to authenticate the actual content. Thus, someone with access to the content could easily inject malicious code, and the websites using the plugin would serve up the malicious content even though the connection to the server registers as secure.

One method to fix this problem is called Subresource Integrity. It covers two HTML elements, which carry an “integrity” attribute that relies on a cryptographic hash. If the hash provided in the web page doesn’t match the hash of the content actually delivered, the mismatch is caught and the malicious code is blocked. Unfortunately, this isn’t a widely used technique, but the recent issue with Browsealoud may convince more websites to adopt Subresource Integrity.
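The hash comparison behind Subresource Integrity, sketched in Node.js as an added example (it is not code from the article, Texthelp or Browsealoud). The URL, file contents and function names are constructed for illustration; `verifySri` mimics the check a browser performs before running a script that carries an `integrity` attribute.

```javascript
const crypto = require('node:crypto');

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 }; // algorithms SRI allows

// Build the value for the integrity attribute: "<alg>-<base64 digest>".
function sriHash(body, alg = 'sha384') {
  if (!(alg in STRENGTH)) throw new Error(`unsupported algorithm: ${alg}`);
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Mimic the browser's check: parse the attribute, keep only the strongest
// algorithm listed, and accept the body if any digest of that strength matches.
function verifySri(integrity, body) {
  const entries = integrity.trim().split(/\s+/)
    .map((token) => {
      const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)/.exec(token);
      return m && { alg: m[1], digest: m[2] };
    })
    .filter(Boolean);
  if (entries.length === 0) return true; // no valid metadata: nothing is enforced
  const best = Math.max(...entries.map((e) => STRENGTH[e.alg]));
  return entries
    .filter((e) => STRENGTH[e.alg] === best)
    .some((e) => sriHash(body, e.alg) === `${e.alg}-${e.digest}`);
}

// Markup the site owner would publish for a reviewed copy of the plugin.
function scriptTag(src, body) {
  return `<script src="${src}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Constructed sample: the plugin file as reviewed by the site owner, and the
// same file after someone appends a line on the plugin vendor's server.
const reviewed = Buffer.from('function readAloud(t){/* speech code */}\n');
const tampered = Buffer.concat([reviewed, Buffer.from('startMiner();\n')]);
const pinned = sriHash(reviewed);

console.log(scriptTag('https://plugin.example/reader.js', reviewed));
console.log('reviewed file loads:', verifySri(pinned, reviewed));
console.log('tampered file loads:', verifySri(pinned, tampered));
```

Because the hash pins one exact file, every legitimate plugin update requires the site to publish a new `integrity` value, and a cross-origin script must be served with CORS headers (hence `crossorigin="anonymous"`) for the check to run.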

Coinhive’s miner was reportedly only active in the Browsealoud plugin for a few hours before Texthelp pulled the plug. And although the outcome was apparently only to generate digital coin, the company still considers the hack a criminal act.

“Texthelp has in place continuous automated security tests for Browsealoud — these tests detected the modified file and as a result, the product was taken offline,” Texthelp Chief Technical Officer Martin McKay said in a statement. “This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.” 

Texthelp is currently working with the National Crime Agency and the National Cyber Security Agency to hunt down the hacker(s). 

Kevin Parrish
Former Digital Trends Contributor