
Government websites have quietly been running cryptocoin mining scripts


A security researcher has discovered thousands of legitimate websites, many belonging to local governments and government agencies, running scripts that secretly force visitors' computers to mine cryptocoins. In the UK, the websites of both the Information Commissioner's Office and the Student Loans Company have been found to be affected. The mining scripts were also found on the websites of the General Medical Council and NHS Inform.

"Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site…"

On the other side of the pond, the websites belonging to the Indiana Government and the US courts system were also discovered to be running the CoinHive mining software.

The issue stems from a piece of software called BrowseAloud, which is embedded on all affected sites. BrowseAloud offers accessibility services, assisting those with literacy or visual impairments to access government services and information. There is no suggestion of wrongdoing by the aforementioned sites, nor TextHelp (the owner of BrowseAloud). It appears that at some point on Sunday, an unknown third party modified BrowseAloud to covertly inject the CoinHive mining software. TextHelp has since withdrawn the BrowseAloud plugin while it addresses the issue.

"It seems like the @texthelp script file was modified between Sun, 11 Feb 2018 02:58:04 GMT and Sun, 11 Feb 2018 13:21:56 GMT according to the @internetarchive:"

Cryptojacking is a problem most commonly associated with the seedier aspects of the Internet. Some sites, like those in the porn and file sharing spaces, often struggle to attract typical advertisers. In order to keep the lights on, they instead resort to using their visitors' spare CPU power to mine cryptocoins. On one hand, cryptojacking is less visibly intrusive than traditional advertising. That's not much of a defense, though, and it comes with several major downsides. Users with these scripts running find their computers inexplicably slower. Their machines might also run hot. If they're on a mobile device, battery life will be adversely affected.

It's pretty astonishing to see cryptojacking scripts running on legitimate government webpages. In this case, security researchers identified the issue quickly. The biggest takeaway from this episode is that, no matter your browsing habits, cryptojacking is a threat you should protect yourself from. The most well-known content blocker that explicitly deals with cryptojacking is No Coin. This plugin is available for Firefox, Chrome, and Opera. Should you want something that's built into the browser, both the desktop and mobile versions of Opera come with cryptojacking protections baked in.

Cryptomining malware spread via US, UK and Australian government sites


Government websites in the US, UK and Australia have been serving visitors cryptomining malware after a third-party service was compromised. The sites are among more than 4,000 affected on Sunday, according to security researcher Scott Helme, after a third-party service they used was infected with the Coinhive cryptocurrency miner.

In the UK, affected websites included the Information Commissioner's Office, the Student Loans Company, and the UK National Health Service (NHS) Scotland; in the US, uscourts.gov; and in Australia, the Queensland government portal. The compromised service used by all these sites was the Browsealoud JavaScript library, which makes websites accessible via screen reading and translation tools.

The incident demonstrates the dangers of not properly securing pages that load JavaScript libraries hosted by a third party, said Helme, particularly since such libraries are tempting targets for hackers. "If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from," he writes.

To guard against such exploits, Helme says all sites loading third-party JavaScript libraries should include the Subresource Integrity (SRI) attribute in the HTML script tag that loads the library. "In short, this could have been totally avoided by all those involved even though the file was modified by hackers," the researcher says. "I guess, all in all, we really shouldn't be seeing events like this happen on this scale to such prominent sites."

Helme found that the Browsealoud library was updated to include the cryptocurrency miner at around 3am GMT on Sunday, and the malware appears to have been served to website visitors during a four-hour period that day. Texthelp says Browsealoud has since been removed from "all our customer sites", and added that no customer information was exposed. However, the ICO website was still offline at the time this article was published.

Commenting on the incident, a spokesperson for the UK National Cyber Security Center (NCSC), part of the intelligence agency GCHQ, said there is "nothing to suggest that members of the public are at risk", but added that its experts were examining the incidents.

The infected script was served via the US Courts website.
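
The integrity check Helme recommends, sketched for Node.js as an added example (not code from the article, from Helme or from Texthelp): it builds a pinned script tag, mirrors the browser's hash comparison against a modified file, and lists externally hosted scripts in a page that carry no integrity attribute. The URL `https://cdn.example/reader.js`, the script contents and all function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Hash algorithms SRI accepts, weakest to strongest.
const ALGOS = ['sha256', 'sha384', 'sha512'];

// Value for the integrity attribute: "<algo>-<base64 digest of the file>".
function sriHash(body, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(body).digest('base64')}`;
}

// Script tag that pins the exact bytes the site owner reviewed.
function pinnedScriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Mirror the browser check: keep only the strongest algorithm listed,
// then accept the response if any digest for that algorithm matches.
function integrityMatches(integrity, body) {
  const entries = integrity.trim().split(/\s+/)
    .map((e) => { const i = e.indexOf('-'); return [e.slice(0, i), e.slice(i + 1)]; })
    .filter(([algo]) => ALGOS.includes(algo));
  if (entries.length === 0) return true; // no usable hash listed: nothing is enforced
  const strongest = ALGOS[Math.max(...entries.map(([a]) => ALGOS.indexOf(a)))];
  return entries.some(([a, digest]) =>
    a === strongest && sriHash(body, a) === `${a}-${digest}`);
}

// Audit helper: externally hosted scripts in a page that have no integrity attribute.
function unpinnedScripts(html) {
  const tags = html.match(/<script\b[^>]*>/gi) || [];
  return tags
    .filter((t) => /\bsrc\s*=\s*["']?(https?:)?\/\//i.test(t) && !/\bintegrity\s*=/i.test(t))
    .map((t) => t.match(/\bsrc\s*=\s*["']?([^"'\s>]+)/i)[1]);
}

// Constructed sample data (not the real Browsealoud file or URL).
const reviewed = 'window.readAloud = function () { /* accessibility code */ };\n';
const tampered = reviewed + '/* code appended by a third party */\n';
const tag = pinnedScriptTag('https://cdn.example/reader.js', reviewed);
const pinned = tag.match(/integrity="([^"]+)"/)[1];
const page = `<script src="https://cdn.example/reader.js"></script>\n${tag}\n<script src="/local.js"></script>`;

console.log(tag);
console.log('reviewed file loads:', integrityMatches(pinned, reviewed));
console.log('tampered file loads:', integrityMatches(pinned, tampered));
console.log('scripts without SRI:', unpinnedScripts(page));
```

A pinned hash has to be regenerated whenever the vendor ships a legitimate update, so SRI works best with a versioned file URL rather than one whose contents change in place.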