Thursday, 25 April 2019
Latest news
Main » Australian sites among thousands hacked to include mining script

Australian sites among thousands hacked to include mining script

12 February 2018

It was only a few hours ago when I reported that the United Kingdom government has been hit with cryptocurrency mining malware, but now a bunch of Australian government websites have been compromised.

A browser plugin named Browsealoud, made by the British site Texthelp, which reads out text to those who are visually impaired, appears to have been hacked and infused with a script to mine for the Monero cryptocurrency. Here's a full list of the websites that were affected by the hack.

Coinhive is a cryptojacking script that works by turning the computers of site visitors into crypto mining rigs, potentially giving the hackers access to the processing power of millions of machines.

More news: Saudi Ritz-Carlton used as prison re-opens to the public

Britain's National Cyber Security Centre said the issue was being investigated, and there was nothing to suggest the public was at risk.

"When you load software like this from a third party, that third party can change it and make it do whatever they want", he said. "It may have been hard for a small website, but I would have thought on a government website we should have expected these defence mechanisms to be in place". "The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12.00pm GMT".

"The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency", said Texthelp.

More news: Winter Olympics 2018: Snowboarder Jamie Anderson gives Team USA its second gold

This meant that rather than having the crypto-miner on one website, it was loaded onto thousands of websites running the Texthelp application, including several Australian government websites such as the Queensland government's legislation page; the Victorian parliament website; the Queensland Department of Education's website; and several local council websites in Victoria and WA.

"Texthelp can report that no customer data has been accessed or lost", the company said.

More news: Kendrick Lamar releases 'Black Panther' Soundtrack

Australian sites among thousands hacked to include mining script