Cryptocurrency Miners Infect US and UK Government Sites

Over 4,000 websites, including uscourts[.]gov, ico[.]org[.]uk, and Manchester[.]gov[.]uk were affected by a supply-chain style attack when hackers compromised the BrowseAloud plugin, a TextHelp software product designed to improve website accessibility for disabled users. The hackers behind the campaign added a cryptocurrency-mining script to a file used in the BrowseAloud plugin to exploit website visitors’ browsers and use their systems’ CPUs to generate Monero cryptocurrency without their knowledge and consent. TextHelp temporarily took their BrowseAloud product offline and issued a statement regarding the attack. A list of affected websites is available hereThe NJCCIC recommends all website owners and administrators regularly examine their websites for unauthorized changes, unusual behavior, and cryptocurrency-mining JavaScript code, and remediate as soon as possible. Additionally, we recommend keeping website platforms and plugins up-to-date, close all unnecessary ports on website servers, protect administrator accounts with unique, complex passwords and two-factor authentication, and consider implementing a web application firewall. We recommend all internet users consider installing a reputable ad-blocking, script-blocking, and coin-blocking extension on their browser of choice.