Australian sites compromised by malware that forces visitors’ computers to mine cryptocurrency

By on
A man types on a computer keyboard Reuters/Kacper Pempel

Some Australian government websites appear to have been used by hackers in cryptojacking, in which computers are secretly forced to mine cryptocurrency. The Queensland government's legislation website, the Queensland Civil and Administrative Tribunal and the Victorian Parliament were reportedly affected.

The process forces a visitor’s computer to mine cryptocurrency without their consent. Hackers are able to generate profit through crypto-jacking.

The Queensland ombudsman’s official website, the Queensland legislation website and the Queensland Community Legal Centre homepage were also impacted by the cryptojacking attack, The Guardian reports. The Queensland legislation website had taken further steps to get rid of the malicious script.

The malware has infected government sites on Sunday after a browser plug-in made by a third-party was compromised. The sites of UK’s own data protection watchdog and UK’s National Health Service were supposedly hit along with other websites.

UK security researcher Scott Helme said the malicious software was "definitely mining." He said he learned about the compromised JavaScript file on Sunday morning.

After a friend's anti-virus program set out an alert on the site of the UK Information Commissioner's Office, Helme found the malicious script and traced it back to its source: Browsealoud. The website plug-in helps people with dyslexia, low vision and low literacy use the internet.

Hackers inserted a script called Coinhive, the makers of Browsealoud, Texthelp, has confirmed. Coinhive hijacks the processing power of a user’s computer to mine Monero. Texthelp took the Browsealoud plugin offline on Monday morning.

"If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from," Helme wrote on his blog. An analysis suggested that the software was online for about four hours before Texthelp acted.

The hack added the Coinhive program to the impacted websites. It has the ability to utilise computer power to mine Monero when the browser window was loaded. Helme suggested government websites must be held to a higher security standard.

Texthelp's chief technology officer Martin McKay has released a statement, saying the compromise was a criminal act. "Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline," he added.

According to the UK National Cyber Security Centre, there is nothing to suggest that members of the public are at risk at this point. It is now investigating the incident.

TomoNews US/YouTube