posted by Fnord666 on Tuesday February 13 2018, @12:51PM
from the plosives-galore dept.

Submitted via IRC for Bytram

Thousands of websites around the world – from the UK's NHS and ICO to the US government's court system – were today secretly mining crypto-coins on netizens' web browsers for miscreants unknown.

The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud.

For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.

Source: https://www.theregister.co.uk/2018/02/11/browsealoud_compromised_coinhive/


  • (Score: 0) by Anonymous Coward on Wednesday February 14 2018, @07:05AM (#637497)

    Problem here is NOT Javascript. It's all these stupid-ass morons "content developers" pulling Javascript shit from all over the internet.

    Just about every non-trivial website on the planet loads in resources provided by other companies and organizations – from fonts and menu interfaces to screen readers and translator tools. If any one of these outside resources is hacked or tampered with to perform malicious actions, such as mine crypto-coins, all the websites relying on that compromised resource will end up pulling the evil code onto their pages and into visitors' browsers.

    And this is not just some idiots with blogs. We are talking about banks and similar places, where this shit can affect your livelihood. It's almost like they are too cheap or stupid to host their own copies.

    This stuff is only possible because of this idiocracy in the web development world.