Australian sites among thousands hacked to include mining script

Anonymous hackers and activists

Thousands of government websites have been hijacked by code which made visitors’ computers run cryptocurrency mining software

Websites such as the UK's NHS and ICO to the United States government's court system were just some of the 4,200 sites infected with a malicious version of a widely used tool known as Browsealoud from British software maker Texthelp, which reads out webpages for people with vision problems.

Coinhive is a cryptojacking script that works by turning the computers of site visitors into crypto mining rigs, potentially giving the hackers access to the processing power of millions of machines.

The Queensland Government legislation website appears to be among the Australian sites affected.

The malware have infected government sites on Sunday after a browser plug-in made by a third-party was compromised.

Scott Helme, a UK-based security researcher, has uncovered that a cryptocurrency mining script was injected in Text Help's accessibility services plugin called BrowseAloud.

Anderson defends Olympic gold in blustery slopestyle final
She is now tied with four other athletes as the only the snowboarders to win two gold medals at the Olympic Winter Games. Finland's Sochi Olympic silver medallist Enni Rukajarvi and Austrian favourite Anna Gasser were among those to struggle.

"We don't know how Texthelp were compromised yet, so it is hard to say whether they were really unlucky or there was some kind of inherent problem with what they were doing".

"Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline", he added. It may have been hard for a small website, but I would have thought on a government website we should have expected these defence mechanisms to be in place. Over the weekend, the website of the UK's data protection watchdog, the Information Commissioner's Office, was taken offline to deal with the infection.

"The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers CPUs to attempt to generate cryptocurrency".

Britain's National Cyber Security Centre said the issue was being investigated, and there was nothing to suggest the public was at risk. Other Ausralian sites hit by this attack are the Casey council in Victoria and Queensland's Urban Utilities site.

Latest News