The compromised websites (4275) include the UK NHS, the Information Commissioner’s Office (ico.org.uk), slc.co.uk, cuny.edu, and the US government’s court system.
The ICO also took its website offline once it found that some sites had been attacked.
Affected sites use the Browsealoud plug-in, which makes pages accessible to blind or visually impaired people by reading them aloud.
Within a time window of about 7 hours (UTC 0300 to 1145), all websites using Browsealoud inadvertently ran the Monero cryptocurrency mining code.
The attacker injected an obfuscated version of the mining code into the plug-in; once it was converted from hex to ASCII, it loaded the mining code on the web page.
Experts suggest using Subresource Integrity (SRI) to prevent unwanted code from being injected into affected sites.
Texthelp, the developer of the Browsealoud plug-in, has removed its Browsealoud code from the web to stop the cryptocurrency mining operation.
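The SRI check mentioned above, as an added example that is not part of the original article and is not Texthelp's code: it computes the integrity value a site would pin for a reviewed copy of a third-party script, then mirrors the browser's comparison against a modified copy. The URL, file contents and function names are constructed for illustration.

```javascript
const { createHash } = require('node:crypto');

// Build the value for the integrity attribute: "<alg>-<base64 digest>".
function sriDigest(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Tag a site owner would publish after reviewing and pinning one version.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriDigest(body)}" crossorigin="anonymous"></script>`;
}

// Mirror the browser's check: keep only the strongest algorithm listed,
// then require the fetched bytes to match one of its digests.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };
function integrityAllows(integrityAttr, fetchedBody) {
  const entries = integrityAttr.trim().split(/\s+/)
    .map((tok) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})/.exec(tok))
    .filter(Boolean)
    .map(([, alg, b64]) => ({ alg, b64 }));
  if (entries.length === 0) return true; // no usable metadata: the script loads
  const best = Math.max(...entries.map((e) => STRENGTH[e.alg]));
  return entries
    .filter((e) => STRENGTH[e.alg] === best)
    .some((e) => sriDigest(fetchedBody, e.alg) === `${e.alg}-${e.b64}`);
}

// Constructed sample data: the reviewed file and a modified copy served later.
const REVIEWED = 'function readAloud(t){ /* text-to-speech */ }\n';
const TAMPERED = '/* injected code would sit here */\n' + REVIEWED;
const TAG = scriptTag('https://cdn.example/plugin.js', REVIEWED);
const PINNED = /integrity="([^"]+)"/.exec(TAG)[1];

console.log(TAG);
console.log('reviewed file loads:', integrityAllows(PINNED, REVIEWED));
console.log('modified file loads:', integrityAllows(PINNED, TAMPERED));
```

SRI pins one exact file, so it only works when the vendor serves versioned, immutable URLs; a script that is updated in place will be blocked until the site republishes the new digest.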
Texthelp CTO Martin McKay said in a statement: “We are always prepared for this incident last year in the light of the other recent cyber attacks around the world and our data security action plan is taking immediate action.
“Texthelp has conducted continuous automated security testing for Browsealoud, and these tests detected the modified files, and as a result the product was taken offline.”
Texthelp confirms that “no customer data has been accessed or lost,” and “Customers will receive further updates upon completion of the security investigation.”
Thousands of websites worldwide were hijacked by cryptocurrency mining code due to the hack of the popular Browsealoud plugin. A massive attack hit thousands of websites around the world; crooks deployed Coinhive scripts, forcing them to secretly mine cryptocurrencies in visitors’ browsers. The list of compromised websites (4275) includes the UK’s NHS, Information Commissioner’s Office (ICO) (ico.org.uk), the UK’s…