More than 4,200 websites were infected with crypto-mining malware on Sunday, according to a report in The Register. The scheme used Browsealoud – a popular plugin that provides audio readings of web content for visually impaired internet users – to infect websites with the Coinhive Monero-mining malware. Browsealoud is used on many government websites around the world.
The infected websites included UK government sites like the Student Loans Company, the Financial Ombudsman Service, and Manchester.gov.uk – as well as government sites in Australia, Sweden, and other countries that utilize Browsealoud for their citizens.
Government sites in the United States were not immune either, as the country's main website for court information, uscourts.gov, was also affected.
Sunday’s attack was reportedly discovered by UK security expert Scott Helme. Browsealoud maker Texthelp also claims to have detected the malware file modifications and has issued a statement confirming that no customer data was involved in the incident. Company CTO Martin McKay described Texthelp’s response:
“In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours.”
“Texthelp has in place continuous automated security tests for Browsealoud - these tests detected the modified file and as a result the product was taken offline. This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.”