Massive Cryptojacking Attack Hits Thousands of Websites, Government
A massive cryptojacking attack affected thousands of websites today, causing them to hijack visitors’ computers to mine Monero. Included in the attack were the websites of many government agencies in the US, the UK and around the world. The list of infected websites includes some of the UK’s National Health Service sites and the UK’s Information Commissioner’s Office.
The attack was accomplished by compromising a popular plugin called Browsealoud, which reads website text aloud for visually impaired visitors. Obfuscated code containing the miner was somehow injected into Browsealoud’s code, so every site that loaded the plugin served the miner to its visitors.
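A third-party script like this runs with the full privileges of every page that embeds it, so the standard defence is to pin the script with Subresource Integrity and let the browser refuse any copy whose hash no longer matches. The following is an added example (not code from the article or from Browsealoud) that builds the pinned tag and shows the check failing once code has been appended; the script contents and the CDN URL are constructed placeholders.

```python
import base64
import hashlib

# Constructed sample: the script a site operator reviewed and pinned, and a copy
# with a hypothetical extra snippet appended, standing in for the injected code
# described in the article. Neither is real Browsealoud code.
ORIGINAL_SCRIPT = b"(function(){ /* hypothetical read-aloud plugin */ window.readAloud = true; })();\n"
TAMPERED_SCRIPT = ORIGINAL_SCRIPT + b"(function(){ /* hypothetical injected code */ })();\n"

SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Return the SRI token for `content`, e.g. 'sha384-<base64 digest>'."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError("SRI permits only sha256, sha384 or sha512")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Mimic the browser check: True if `content` matches any token in `integrity`."""
    for token in integrity.split():
        algorithm, _, expected = token.partition("-")
        if algorithm not in SRI_ALGORITHMS or not expected:
            continue  # browsers skip tokens with unknown algorithms
        if sri_hash(content, algorithm) == token:
            return True
    return False


def script_tag(src: str, content: bytes) -> str:
    """Build the <script> tag that pins `content`; crossorigin is required for SRI on cross-origin scripts."""
    return f'<script src="{src}" integrity="{sri_hash(content)}" crossorigin="anonymous"></script>'


if __name__ == "__main__":
    pinned = sri_hash(ORIGINAL_SCRIPT)
    print(script_tag("https://cdn.example.invalid/plugin.js", ORIGINAL_SCRIPT))
    print("original verifies:", verify_sri(ORIGINAL_SCRIPT, pinned))   # True
    print("tampered verifies:", verify_sri(TAMPERED_SCRIPT, pinned))   # False
```

The pin only covers the tag the site operator writes; if the plugin itself loads further scripts without integrity attributes, those fetches are not checked, and a Content-Security-Policy that restricts script sources is the usual complement.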
According to TechCrunch, researchers Scott Helme and Ian Trump discovered the miner. On Twitter, Helme pointed out the good fortune that, although the attackers had the chance to run arbitrary code on many sensitive government websites, they used it for relatively innocuous purposes:
The more I think about this the worse it becomes. Attackers had arbitrary script injection on thousands of sites including many NHS websites here in England. Just stop and think for a few moments about what exactly they could have done with that capability… 😱
— Scott Helme (@Scott_Helme) February 11, 2018