When online security consultant Scott Helme was shown warnings a friend had received from visiting a UK government website, he couldn’t imagine that he was about to uncover one of the biggest cases of crypto-jacking we’ve ever seen.
The first example which came to light was the UK’s Information Commissioner’s Office (not to be confused with the initial coin offering type of ICO). Users of that website yesterday were unwittingly mining Monero through the Coinhive malware.
Further investigation revealed that the culprit was the Browsealoud plugin used on the website, a feature for the visually impaired which reads out the website’s content. Such plugins are commonly used by developers to avoid the need to reinvent the wheel on every website. However, if one plugin is compromised, every website that loads it may be infected.
In this case it turned out that among the thousands of users of the Browsealoud plugin were government agencies from around the world, all of whom seem to have had their websites infected. Examples of compromised sites include the UK’s Student Loans Company, many local government sites and the US Courts.
Texthelp, the company behind Browsealoud, confirmed to Sky News that their plugin had been compromised yesterday at 11.14 GMT and that the mining software was live for four hours.
Their security officer, Martin McKay, said that an automated security test had noticed the problem and taken the software offline and that “this removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.” He also confirmed that “no customer data has been accessed or lost.”
A spokesman for the UK’s National Cyber Security Centre said that they were examining the problem, that “the affected service has been taken offline, largely mitigating the issue” and that “Government websites continue to operate securely”.
The software mines only while the browser tab is open, so there is no question of users’ computers themselves being infected.
This is just the latest in a series of instances of unwitting Monero mining that have come to light of late. Argentinian Starbucks customers, online video streamers and the world’s biggest oil pipeline company have all fallen victim to similar schemes in the last few months.