Monday, July 15, 2024

Attackers Hijacked 4275 Websites Including U.S. & UK Govt Sites to Run Cryptocurrency Mining Script

Attackers hijacked 4275 websites to inject Coinhive Monero miner including the websites of government authorities(, NHS Foundation (, and Crypto-Mining Attacks are one of the biggest emerging threats for enterprises. And the recent trend is more mainstream and is done directly via web pages.

One thing in common for all the infected websites is Browsealoud plugin provided by texthelp that adds speech, reading, and translation to the website has been compromised and it’s host scripts was modified.

The mining script was first noticed by Information Security Consultant Scott HelmeIf you want to load a crypto miner on 1,000+ websites you don’t attack 1,000+ websites, you attack the 1 website that they all load content from“Helme said.

Crypto-Mining Attacks

Attackers altered the ba.js file and include document.write call that adds Coinhive crypto miner to any number of the page that loaded in to.

What’s Coinhive?

Coinhive offers a JavaScript miner for the Monero Blockchain that can be embedded into other Web sites. The users run the miner directly in their Browser and mine XMR for the site owner in turn for an ad-free experience, in-game currency or whatever incentives they are availing to their users/visitors.

With further investigation, Helme identified a number of sites have been injected including the government websites of numerous countries.Here is the affected websites list.

Texthelp the plugin provider confirmed it was hacked on 11.14am on Sunday and the hack lasts for four hours. Now the plugin was temporarily taken down by Texthelp.

Texthelp data security officer Mr. McKay said: “Texthelp has in place continuously automated security tests for Browsealoud, and these detected the modified file and as a result, the product was taken offline”.

At GBHackers last November we identified a very popular torrent sharing fake site added coinhive mining script.

Preventive Measures – Crypto-Mining Attacks

Helme suggested adding SRI Integrity attribute to the website which forces the browser to check the integrity, which allows it to reject the file. He has written an article explaining how to add SRI Integrity Attribute.

If you are a normal user, install AdGuard’s extension on your browser and you will be good to go.

If you are a geek, you would already probably know the trick. Hint: Use script blockers like uBlock Origin.

we suggest our users to be extra cautious while visiting sites on the internet from now on. And if you like some website or a blog and want to support them, you may allow them to mine crypto-currency using your computer’s energy.


Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles