UK ICO, USCourts.gov…Thousands of websites hijacked by hidden #Monero crypto-mining code.

Biz scrambles to shut down crafty coin crafting operation.

Thousands of websites around the world – from the UK’s NHS and ICO to the US government’s court system – were today secretly mining crypto-coins on netizens’ web browsers for miscreants unknown.

The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud’s source code – to silently inject Coinhive’s Monero miner into every webpage offering Browsealoud.

For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.

A list of 4,200-plus affected websites can be found here: they include The City University of New York (cuny.edu), Uncle Sam’s court information portal (uscourts.gov), Lund University (lu.se), the UK’s Student Loans Company (slc.co.uk), privacy watchdog The Information Commissioner’s Office (ico.org.uk) and the Financial Ombudsman Service (financial-ombudsman.org.uk), plus a shedload of other .gov.uk and .gov.au sites, UK NHS services, and other organizations across the globe.

Manchester.gov.uk, NHSinform.scot, agriculture.gov.ie, Croydon.gov.uk, ouh.nhs.uk, legislation.qld.gov.au, the list goes on.

The Monero miner was added to Browsealoud’s code some time between 0300 and 1145 UTC: here’s a clean copyof its JavaScript, and the hacked version. Coinhive’s code is mostly detected and stopped by antivirus packages and ad-blocking tools. The miner perishes when you close the browser tab, so if you have visited one of the affected sites, your computer shouldn’t be infected: the code only runs while the tab is open.

Source: UK ICO, USCourts.gov… Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned