Thousands of websites have turned visitor computers into crypto-coin miners for a few hours, including pages related to government services in the United States, the United Kingdom, and Australia. The script was in codes added to a plugin used for accessibility purposes on web sites.
The Browsealoud plugin is designed to allow the reading of pages aloud, and is especially aimed at people with visual impairment or dyslexia. It is installed on more than 4.2 thousand sites worldwide.
The attack began with the plugin being hacked by hackers who inserted a malicious code that caused computers accessing the sites to mine the crypto moneda Monero during the early hours of Sunday, 11, according to TechCrunch.
Despite the hackers’ attempt to hide their action, it was eventually perceived by security experts. It is not yet known how many computers ran the miner, or how much the hackers got with the hit.
Texthelp, the developer of Browsealoud, quickly detected the malicious code and removed the script from the plugin. However, until an investigation is completed detailing how the coup happened, Browsealoud will be disabled. The expectation is that a correction will be released soon for him.