from the plosives-galore dept.
Submitted via IRC for Bytram
Thousands of websites around the world – from the UK's NHS and ICO to the US government's court system – were today secretly mining crypto-coins on netizens' web browsers for miscreants unknown.
The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.
This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud.
For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.
Other sites have used cryptocurrency mining in lieu of (or in addition to) advertising. Sometimes, it's done surreptitiously without users' consent — The Pirate Bay admitted to secretly adding Coinhive integration last year, and hackers have planted mining malware on other sites. In this case, it's an opt-in program; a spokesperson tells FT that testing started on Monday.
Salon has an FAQ explaining this move.
Also at Ars Technica.
PolitiFact Hacked to Mine Cryptocurrency Using Visitors' Web Browsers
Wi-Fi at Starbucks Buenos Aires Has Computers Mine Crypto-Currency
Bitcoin Hype Pushes Hackers to Lesser-Known Cryptocurrencies
Thousands of Websites Hijacked by Hidden Crypto-Mining Code After Popular Plugin Pwned