google-site-verification: google30a059f9a075f398.html

U.S. and U.K. Government Websites Among Thousands Infected by Cryptocurrency Miner

CyberWisdom Safe Harbor Commentary on  Cryptocurrency Miner

A must-read story from admits the websites of many governments, health and education agencies around the world were infected with cryptocurrency miners over the weekend and then maliciously modified everyone’s scripts.

Cryptocurrency miner

The culprit is Browsealoud, a script developed by Texthelp that adds “speech, reading and translation” to the site. The software is designed to provide access and participation opportunities for dyslexic, low-literacy, English-speakers, the company said, with mild visual impairment.

On weekends, Texthelp became the target of cyber attacks, causing a JavaScript file to become part of the Browsealoud script and be modified. As a result, Browsealoud injects a Coinhive crypto script into the visitor’s browser, turning it into a cryptocurrency excavator.

“On Sunday, February 11, 2018, at 11:14 a .m., a JavaScript file that was part of the Texthelp Browsealoud product was compromised during a cyberattack. Attackers added malicious code to the file to try using the browser CPU It was a criminal act and was under investigation thoroughly, “the company disclosed in a blog post.

Cryptocurrency miner attack

As a result of this attack, many government websites in the United Kingdom, the United States, and Australia are infected with cryptographic mining software.

As pointed out by Scott Helme, a researcher who quickly discovered malicious scripts, a total of 4275 websites were affected by the attack, including well-known websites such as the Office of the British Information Commissioner, the NHS, the General Medical Council, U.S. courts, academic websites And many others.

“Ba.js has been changed to include a document.write call that adds a CoinHive crypto miner to any page it loads, affecting a large number of sites, some of which are very important government websites,” Helme said.

The reason that so many sites are affected is not only the easy-to-use Browsealoud promises, since administrators only need to copy and paste a script to take advantage of it, and they also have to comply with the regulatory requirements that many sites need to comply with, especially on government sites.

Not long after being aware of the cause of the infection, Helme informed Texthelp that the company decided to go offline with Browsealoud and immediately remove it from all client websites. The company claims that reducing the product allows them to solve the problem without requiring the customer to take action.

“Texthelp can report no customer data was accessed or lost. The company has thoroughly examined the affected files and confirmed that it did not redirect any data, it just used a computer CPU to try to generate cryptocurrencies.” This exploit took advantage of the four An hour, “said Martin McKay, CTO and data security officer at Texthelp.

McKay also pointed out that although the problem has been resolved, Browsealoud will remain offline until Tuesday, so that customers can understand the issue. He also pointed out that no other Texthelp products are affected.

“Security reviews will be conducted by an independent security consultant, and investigations are underway and customers will receive further updates as security surveys are completed,” concludes McKay.

The National Cyber Security Center also said they are studying the incident.

“The affected services have been taken offline to a great extent to ease the problem, and government websites continue to operate safely, with no signs of public members being at risk during this phase,” the NCSC said.

However, it seems that this issue may not be completely resolved, as Helme pointed out on Twitter. Researchers claim that even today, when visiting the website of the UK Information Commissioner’s Office, malicious scripts may try to load, possibly from the cache. This means that returning visitors may still be affected.

Read more…

The attack could have been averted through a technique called subresource integrity, according to researcher Scott Helme…. Engaging post, Read More…

thumbnail courtesy of

If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post » U.S. and U.K. Government Websites Among Thousands Infected by Cryptocurrency Miner

Add a Comment

Your email address will not be published. Required fields are marked *