15 February, 2018
CoinHive is one of the most blocked piece of software on the web with over 130 million blocks every week, according to Malwarebytes, the anti-malware firm, and the result of adding it to the code meant that every site hosting the plugin and those sites' visitor were turned into cryptocurrency miners. "They're the people we complain to when companies do bad things with our data", Helme said.
Over 4,200 websites are in the victims list [link], including The City University of NY, the USA court information portal (uscourts.gov), Lund University, the privacy watchdog The Information Commissioner's Office (ICO), and several other government, health and educational websites across the world.
Over 4,000 sites from across the world - including those owned by the UK's Information Commissioner's Office (ICO) and the NHS - were taken down yesterday after security researcher Scott Helme raised the alarm.
Australian government websites using the same plugin were also compromised.
Flawed US policy to make world's nuclear peril greater — Interview
However, the United States has considered, rightly claimed South Korea as the sole legitimate representative of all of Korea. No form of political dissent or free speech that does not agree with Kim Jong Un's narrative is tolerated in the country.
According to the BBC, the cryptocurrency involved was Monero-a Bitcoin rival created to be untraceable. "This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action", said Texthelp data security officer Martin McKay.
The cryptojacking program called Coinhive was inserted into website codes through the tainted version of Browsealoud for mining the digital currency Monero. They could have extracted personal data, stolen information or installed malware.
The hacked plugin, TextHelp's Browsealoud, reads websites aloud for users with partial or total blindness. In Australia, the Queensland Civil and Administrative Tribunal, the Victorian Parliament, and the Queensland Government's legislation websites were affected. The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency. The company who makes the plug-in, Texthelp, thereafter confirmed the plug-in was hit for four hours by code created to generate cryptocurrency.
On Sunday, the UK National Cyber Security Center (NCSC), part of the GCHQ intelligence agency, said that there is "nothing to suggest that members of the public are at risk". Texthelp said it was investigating the matter and described the breach of its system as a "criminal act".