Thousands of websites hijacked by cryptocurrency mining kits
Many government and other websites were hijacked to mine the cryptocurrency Monero on Sunday. A list of affected websites can be viewed here: Texthelp Browsealoud security issue
The malicious code was first spotted by UK-based infosec consultant Scott Helme, and confirmed by The Register. He recommended webmasters try a technique called SRI – Subresource Integrity – which catches and blocks attempts by hackers to inject malicious code into strangers’ websites.
The Register highlighted that the affected websites used the Browsealoud plugin, produced by Texthelp Limited, which adds speech, reading, and translation functions to websites. Texthelp said a JavaScript file which is part of the Browsealoud product was compromised during a cyberattack.
“The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency,” said Texthelp.
Texthelp CTO Martin McKay said its automated security tests for Browsealoud detected the modified file, and as a result the product was taken offline.
“This removed Browsealoud from all our customer sites immediately, addressing the security risk,” he said.
The company added that no customer data has been accessed or lost, and that the exploit was active for a period of four hours.