CyberWisdom Safe Harbor Commentary on Cryptocurrency Miner
The culprit is Browsealoud, a script developed by Texthelp that adds “speech, reading and translation” to a site. The software is designed to provide access and participation opportunities for people with dyslexia or low literacy, English speakers, and people with mild visual impairment, the company said.
Cryptocurrency miner attack
As a result of this attack, many government websites in the United Kingdom, the United States, and Australia were infected with cryptocurrency mining software.
As pointed out by Scott Helme, the researcher who quickly discovered the malicious script, a total of 4275 websites were affected by the attack, including well-known websites such as the UK Information Commissioner’s Office, the NHS, the General Medical Council, U.S. courts, academic websites and many others.
“Ba.js has been changed to include a document.write call that adds a CoinHive crypto miner to any page it loads, affecting a large number of sites, some of which are very important government websites,” Helme said.
So many sites were affected not only because Browsealoud promises ease of use, since administrators only need to copy and paste a script to take advantage of it, but also because of the regulatory requirements that many sites, especially government sites, need to comply with.
Not long after becoming aware of the cause of the infection, Helme informed Texthelp, and the company decided to take Browsealoud offline, immediately removing it from all client websites. The company claims that taking the product down allows it to solve the problem without requiring customers to take action.
“Texthelp can report no customer data was accessed or lost. The company has thoroughly examined the affected files and confirmed that it did not redirect any data, it just used a computer CPU to try to generate cryptocurrencies. This exploit took advantage of the four an hour,” said Martin McKay, CTO and data security officer at Texthelp.
McKay also pointed out that although the problem has been resolved, Browsealoud will remain offline until Tuesday, so that customers can understand the issue. He also pointed out that no other Texthelp products are affected.
“Security reviews will be conducted by an independent security consultant, and investigations are underway and customers will receive further updates as security surveys are completed,” concludes McKay.
The National Cyber Security Centre (NCSC) also said it is studying the incident.
“The affected services have been taken offline to a great extent to ease the problem, and government websites continue to operate safely, with no signs of public members being at risk during this phase,” the NCSC said.
However, it seems that this issue may not be completely resolved, as Helme pointed out on Twitter. The researcher claims that even today, when visiting the website of the UK Information Commissioner’s Office, the malicious script may still try to load, possibly from the cache. This means that returning visitors may still be affected.
The attack could have been averted through a technique called subresource integrity, according to researcher Scott Helme…
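How the subresource integrity check mentioned above works, as an added example (not code from the article, Helme or Texthelp): the site pins a hash of the script it reviewed, and the browser refuses to run a served copy whose hash differs. The script bodies and the `vendor.example` URL are constructed placeholders.

```javascript
// Added example: the Subresource Integrity (SRI) decision a browser makes,
// reproduced in Node.js. Script contents below are constructed samples.
const { createHash } = require('node:crypto');

// Hash algorithms SRI allows, weakest to strongest.
const ALGS = ['sha256', 'sha384', 'sha512'];

// Build the value for the integrity="" attribute of a <script> tag.
function sriValue(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Parse an integrity attribute: whitespace-separated "alg-base64[?options]"
// tokens. Unsupported algorithms and malformed tokens are ignored.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)(\?.*)?$/.exec(tok);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// Return true if the fetched body may execute. Only the strongest algorithm
// present is checked; one matching digest of that algorithm is enough.
function integrityAllows(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // no usable metadata: no protection
  const strongest = entries.reduce((a, e) =>
    (ALGS.indexOf(e.alg) > ALGS.indexOf(a) ? e.alg : a), entries[0].alg);
  const actual = createHash(strongest).update(body).digest('base64');
  return entries.some((e) => e.alg === strongest && e.digest === actual);
}

// Constructed stand-ins for the vendor script as reviewed and as later served.
const reviewedScript = 'function speak(text) { /* reviewed vendor code */ }\n';
const servedScript = reviewedScript +
  'document.write("<!-- constructed injected markup -->");\n';

const pinned = sriValue(reviewedScript);
console.log(`<script src="https://vendor.example/ba.js" integrity="${pinned}" crossorigin="anonymous"></script>`);
console.log('reviewed copy runs:', integrityAllows(reviewedScript, pinned));
console.log('modified copy runs:', integrityAllows(servedScript, pinned));
```

The pinned hash has to be regenerated whenever the vendor ships a legitimate update, which is why SRI works best with versioned script URLs.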