More than 4000 Australian and global government websites have been hijacked to run the Coinhive cryptocurrency mining software after a popular accessibility tool was compromised by attackers.
Security researcher Scott Helme today published his discovery of 4275 government websites across the globe that have been hijacked by Coinhive.
The list spans the US and UK as well as Australia.
Both federal and state government websites locally are included in the list.
The Queensland government's main site for its legislation has been hijacked, as have websites belonging to the likes of Queensland Urban Utilities, the Victorian parliament, and South Australia's City of Unley.
The problem stems from a website plug-in called Browsealoud that helps blind and partially sighted people access the web.
The plug-in was tampered with overnight to add the Coinhive program. Coinhive mines for the Monero cryptocurrency.
"If you want to load a crypto miner on 1000+ websites you don't attack 1000+ websites, you attack the 1 website that they all load content from," Helme said.
Browsealoud operator Texthelp said it had taken the tool offline as soon as one of its automated scans had discovered the modified file.
"This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action," Texthelp chief technical officer Martin McKay said in a statement.
"Texthelp can report that no customer data has been accessed or lost.
"The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers' CPUs to attempt to generate cryptocurrency. The exploit was active for a period of four hours on Sunday."
He said Browsealoud would remain offline for the next two days to allow the company to communicate the issue with its customers.
AusCERT analyst David Lord told iTnews the use of plug-ins like Browsealoud in numerous websites made the vendors a big target for attackers.
"The accessibility aspect, especially, means many of their users will have been government or corporate websites," Lord said.
"Now would be a good time to gain visibility over browser plug-ins and third-party libraries used by your websites and review the risk."
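The kind of visibility Lord describes, and the single-upstream weakness Helme points to, can be checked in a small inventory script. The example below is added here and is not code from the article, Texthelp or Browsealoud: it lists every script a page loads from another host, flags those with no Subresource Integrity attribute (which would have let a browser refuse a modified file), and computes the SRI value for a known-good copy. The sample page and hostnames are constructed.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

# Constructed sample page: one first-party script, one third-party script
# included without an integrity attribute, and one pinned with SRI.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.accessibility-vendor.test/plus/scripts/ba.js"></script>
<script src="https://cdn.example.test/lib.js"
        integrity="sha384-placeholderhash" crossorigin="anonymous"></script>
</head></html>
"""

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
ATTR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')


def third_party_scripts(html, site_host):
    """Return (src, has_integrity) for every script loaded from another host.

    Scripts without an integrity attribute are the ones a compromised upstream
    host could silently replace, as happened with the Browsealoud file.
    """
    findings = []
    for tag in SCRIPT_TAG.finditer(html):
        attrs = dict(ATTR.findall(tag.group(1)))
        src = attrs.get("src")
        if not src:
            continue  # inline script, not an external dependency
        host = urlparse(src).netloc
        if host and host != site_host:
            findings.append((src, "integrity" in attrs))
    return findings


def sri_digest(script_bytes, algo="sha384"):
    """Compute the Subresource Integrity value for a reviewed copy of a script.

    Put the result in the script tag's integrity attribute so the browser
    rejects any later modification of the file served by the third party.
    """
    digest = hashlib.new(algo, script_bytes).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


if __name__ == "__main__":
    for src, pinned in third_party_scripts(SAMPLE_HTML, "www.agency.test"):
        print(("pinned  " if pinned else "UNPINNED") + " " + src)
    print(sri_digest(b"/* reviewed vendor script */"))
```

Run it against saved copies of your own pages; every UNPINNED line is a third-party dependency whose compromise would execute in your visitors' browsers.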