Crypto mining - Compromised plugin affects websites

19 February 2018
Accessibility plugin compromised and embedded with cryptocurrency miner

AusCERT has advised all Victorian Government departments that a common accessibility plugin, Browsealoud by Texthelp, was compromised and embedded with a cryptocurrency miner, CoinHive, which ran on users’ machines while they visited affected sites. This was also reported by ITNews in the article titled “Australian govt sites hijacked by crypto miner”. The list of affected sites included some from the Victorian government, such as the Victorian Parliament website.

AusCERT reported that there was no indication of data compromise; however, computational resources were wasted on users’ machines. The JavaScript file and the WordPress plugin have been taken down by Texthelp in the interim while the investigation is underway.

Funded organisations are recommended to:

  • check PublicWWW to determine whether their websites are affected
  • consider removing references to the embedded file, or seek an alternative product to meet their accessibility requirements
  • contact their IT service provider for further information and assistance.
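
To support the second recommendation, the following added example (not code from AusCERT or Texthelp) locates `<script>` references to a third-party host in a site's own page source, so they can be reviewed or removed. The host name `plugin-vendor.example` and the sample page are constructed placeholders; substitute the host the plugin's script is actually loaded from.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: placeholder host, not the real vendor domain.
VENDOR_HOST = "plugin-vendor.example"

# Constructed sample page: two references to the vendor host (one absolute,
# one protocol-relative), one local script, and one look-alike domain.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script type="text/javascript" src="https://www.plugin-vendor.example/scripts/reader.js"></script>
<script src="//cdn.plugin-vendor.example/reader.js" async></script>
<script src="https://notplugin-vendor.example/x.js"></script>
</head><body><p>Hello</p></body></html>"""


class ScriptRefFinder(HTMLParser):
    """Collects <script src=...> references served from a given host."""

    def __init__(self, host):
        super().__init__()
        self.host = host.lower()
        self.hits = []  # list of (line_number, src)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script or empty src attribute
        src = src.strip()
        # urlparse resolves the host for absolute and "//host/path" URLs;
        # relative paths have no hostname and are skipped.
        hostname = (urlparse(src).hostname or "").lower()
        # Match the host itself or a true subdomain, not a look-alike suffix.
        if hostname == self.host or hostname.endswith("." + self.host):
            self.hits.append((self.getpos()[0], src))


def find_vendor_scripts(html, host=VENDOR_HOST):
    """Return (line, src) for every script tag loading from `host`."""
    finder = ScriptRefFinder(host)
    finder.feed(html)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    for line, src in find_vendor_scripts(SAMPLE_PAGE):
        print(f"line {line}: {src}")
```

Run it over saved copies of page templates or rendered pages; each hit gives the line on which the external script is referenced.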

For more background information, please refer to the article on the IT News website.

Texthelp have also published a short blog about their investigation.