A hack of a popular plug-in infected thousands of websites with crypto-mining software.
Thousands of sites, including those of the UK healthcare system, numerous universities, and UK, US and Australian government authorities, were running crypto-miners unnoticed. These scripts use the computing power of a website's visitors to mine cryptocurrency. Like many other attackers, the perpetrators used the Monero miner script from the Coinhive platform.
The large number of prominent victims is due to a hack of the popular plug-in Browsealoud, developed by the British company Texthelp. Browsealoud reads the content of websites aloud for people with visual impairments. The attackers smuggled their code into the plug-in and were thereby present on thousands of websites at once.
Developer promises investigation
How much the attackers managed to mine is unclear. The code was apparently inserted between 4:00 and 12:45 on Sunday. At 17:00 the malicious code was removed, and the service was also taken offline as a precaution. Texthelp promised a comprehensive investigation of the incident but said customer data had never been at risk.
The incident was first discovered by IT security expert Scott Helme; The Register reported on it shortly afterwards. Helme recommends that websites use a technique called SRI (Subresource Integrity) to protect against such attacks: the page embeds a cryptographic hash of the expected script in the script tag, the browser hashes the downloaded file and compares the two, and it refuses to execute the script if the hash does not match, i.e. if the file has been manipulated by a third party. None of the 4,200 websites affected by the Texthelp hack had implemented this technique.