AusCERT has advised all Victorian Government departments that a common accessibility plugin, Browsealoud by Texthelp, was compromised and embedded with a cryptocurrency miner, CoinHive, which was run on users’ machines while visiting affected sites. This was also reported by ITNews in the article titled “Australian govt sites hijacked by crypto miner”. The list of sites included some from the Victorian government such as the Victorian Parliament website.
Funded organisations are recommended to:
- check PublicWWW to determine whether their websites are affected
- consider removing references to the embedded file, or seek an alternative product to meet their accessibility requirements
- contact your IT service provider for further information and assistance.
For more background information, please refer to the article on the IT News website.
Texthelp have also published a short blog about their investigation.