Recently, websites are infested with cryptocurrency mining malware and can secretly open browsers in the computer background without the knowledge of users and mine cryptocurrencies even after closing all visible browser windows. "Government websites continue to operate securely", said a spokesperson. "Someone just messaged me to say their local government website in Australia is using the software as well", Scott Helme, an IT security consultant, commented to Sky News.
This meant any PC, tablet or phone that connected to the websites was turned into a mining machine for the cryptocurrency Monero, which is similar to Bitcoin. Security researchers are now advising websites to take some action, especially government websites like the ICO.
While the hack, TextHelp said, did not affect customer data, the plugin was readily mining cryptocurrency across the affected sites, which included TextHelp's own website, for around 4 hours.
"If you want to load a crypto miner on 1,000-plus websites you don't attack 1,000-plus websites, you attack the one website that they all load content from", said Helme.
Texthelp's Browsealoud script allows users to request that a page it's embedded into be read aloud or translated into another language.
"Customers will receive a further update when the security investigation has been completed", said Martin McKay, Texthelp's chief technology officer, in an official statement.
Image The ICO also took its site down
When mining cryptocurrency, the processing power of a computer is used to validate transactions on the cryptocurrency network.
Texthelp, the company that sells Browsealoud, has now taken down the service until midday Tuesday 13 February.
The company added that no customer data has been accessed or lost.
"The affected services have been taken offline, largely mitigating the issue".
Unfortunately, security teams lack visibility into all of the ways that they can be attacked externally, and struggle to understand what belongs to their organisation, how it's connected to the rest of their asset inventory, and what potential vulnerabilities are exposed to compromise.