Hackers target Australia, UK government websites with crypto-jacking malware
The process forces a user’s computer to mine cryptocurrency, which in this case was the coin Monero
A series of Australian government websites, including the Victorian parliament’s, have been compromised by malware that forces visitors’ computers to secretly mine cryptocurrency, as part of a worldwide security breach.
The process, known as crypto-jacking, forces a user’s computer to mine cryptocurrency without their permission, generating profits for the hacker.
Government websites were infected with the malware on Sunday after a browser plug-in made by a third-party was compromised. Thousands of sites, including the Britain’s National Health Service, and the UK’s own data protection watchdog, were affected.
In Australia, the crypto-jacking attack hit the official website of the Victorian parliament, the Queensland Civil and Administrative Tribunal, the Queensland ombudsman, the Queensland Community Legal Centre homepage, and the Queensland legislation website, which lists all of the state’s acts and bills.
Hackers exploited a vulnerability in the popular browser plug-in Browsealoud, a programme that converts website text to audio for visually impaired users.
I would have thought on a government website we should have expected these defence mechanisms to be in place
The makers of Browsealoud, Texthelp, confirmed that hackers inserted a script known as Coinhive into their software. Coinhive hijacks the processing power of a user’s computer to mine the cryptocurrency Monero.