Government websites hijacked by hackers to mine cryptocurrency
- Author: Israel Montgomery Feb 15, 2018,
Feb 15, 2018, 1:19
The compromised plugin is called Browsealoud, which helps visually impaired people to access text on websites.
Is your antivirus software ready for a mining malware attack? If a hacker wants to infect four thousand websites it's likely to be a lot less effort tamper with one third-party script which is used by four thousand websites than compromise each website one-by-one. Helme suggested government websites must be held to a higher security standard. "It was only limited by the hackers' imaginations", adding that because the malware only runs while users actively visit an infected website, there will not be exposed to further risk.
IBoot Source Code Leaked onto GitHub
Now that it gathered attention, Apple filed a copyright takedown request to Github , forcing the site to take down the code. In any case, Apple will have enough time to secure things up and might issue a patch to cover any risks posed by the leak.
There were a number of reports late past year concerning websites featuring drive-by cryptomining-a practice that uses the CPUs of visitors to surreptitiously mine crytpocurrencies.
"Cybercriminals are clearly recognizing that they can make a quick buck from the world's growing fixation with cryptocurrencies".
According to The Register, which first reported the story, the problems reportedly started just before midday yesterday when the malicious code was inserted by hackers into a popular website plugin called Browsealoud, made by British firm Texthelp.
The Information Commissioner's Office (ICO) was one of those affected, and had to shut down its website.
Hours of freezing rain for Quebec
Freezing rain will add an icy sheen to Toronto's rooftops, roadways, and sidewalks over the course of Sunday. Snow mixed with ice pellets may accumulate 2cm to 5cm by Sunday morning before changing to freezing rain.
Over the weekend, a piece of malware embedded in software created to help those with difficulty reading led to thousands of websites mining cryptocurrency, some of which were operated by government organizations. Sites affected include those of the US court information system, the UK's National Health Service and Australian legislatures, The Register reported.
The mining only took place for several hours on February 11th before Texthelp disabled the plugin to investigate. This software has frequently breached, and in many cases succeeded in thousands of instances, having now targeted websites within the government itself across the United States and United Kingdom. After digging for more information, he found that every webpage on the website was compromised by a Coinhive script loaded from a third-party library, not by some code hosted by ICO themselves.
More snow and ice forecast for Sunday
A spokesman said: "A very cold westerly airstream will bring frequent snow showers to many western and central areas on Sunday ". It will clear overnight with wintry showers following and with frost and ice developing.