from the plosives-galore dept.
Submitted via IRC for Bytram
Thousands of websites around the world – from the UK's NHS and ICO to the US government's court system – were today secretly mining crypto-coins on netizens' web browsers for miscreants unknown.
The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.
This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud.
For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.
« How Close are we to Peak Social Media? | Watch Netflix in 1080p on Linux and Unsupported Browsers »
Other sites have used cryptocurrency mining in lieu of (or in addition to) advertising. Sometimes, it's done surreptitiously without users' consent — The Pirate Bay admitted to secretly adding Coinhive integration last year, and hackers have planted mining malware on other sites. In this case, it's an opt-in program; a spokesperson tells FT that testing started on Monday.
Salon has an FAQ explaining this move.
Also at Ars Technica.
PolitiFact Hacked to Mine Cryptocurrency Using Visitors' Web Browsers
Wi-Fi at Starbucks Buenos Aires Has Computers Mine Crypto-Currency
Bitcoin Hype Pushes Hackers to Lesser-Known Cryptocurrencies
Thousands of Websites Hijacked by Hidden Crypto-Mining Code After Popular Plugin Pwned