A series of Australian government websites, including the Victorian parliament's, have been compromised by malware that forces visitors' computers to secretly mine cryptocurrency, as part of a worldwide security breach.
Users loading the websites of the Information Commissioner's Office, the Student Loans Company, as well as the council websites for Manchester City, Camden, and Croydon - and even the homepage of the United States Courts - will have their computers' processing power hijacked by hackers.
Thousands of websites, including ones run by US and United Kingdom government agencies, were infected for several hours on Sunday with code that causes web browsers to secretly mine digital currencies, technology news site The Register reported.
"If you want to load a crypto miner on 1000+ websites you don't attack 1000+ websites, you attack the 1 website that they all load content from", Helme said.
On Monday morning, Texthelp took the Browsealoud plugin offline, which meant that new visitors to the affected sites would no longer load the cryptojacking script.
The attack took place at about 11.15am yesterday.
"Texthelp can report that no customer data has been accessed or lost".
But, he added, there was a simple way to defend against the attack: "every single website I run has an "Integrity Attribute", which is a tiny change in how the script is loaded but is there because I'm anxious about exactly this type of thing happening". He said: Every single website I run has an "Integrity Attribute", which is a tiny change in how the script is loaded but is there because I'm anxious about exactly this type of thing happening.
"The company has examined the affected file thoroughly and can confirm that it did not redirect any data, it simply used the computers CPUs to attempt to generate cryptocurrency".
Both federal and state government websites locally are included in the list.
Ther UK's National Cyber Security Centre said it was investigating the issue. "The Browsealoud service has been temporarily taken offline and the security breach has already been addressed, however Browsealoud will remain offline until Tuesday 12.00 GMT". At this stage there is nothing to suggest that members of the public are at risk.
- Duke's Marvin Bagley III out with knee injury against Georgia Tech
- Results: Women's hockey - Team USA vs. Finland
- Genuine Parts (NYSE:GPC) Shares Sold by Gabelli Funds LLC
- Kovack Advisors Inc. Purchases Shares of 5919 Mondelez International Inc (MDLZ)
- Recruiters back extension of ban on OFW deployment to Kuwait
- Reduces Position in Bristol-Myers Squibb Co (BMY)
- Fox Run Management LLC Buys New Position in ONEOK, Inc. (OKE)
- North Korea invites South president to Pyongyang
- Kim Jong Un Invites South Korea's President To North Korea
- South Africa beat India in Johannesburg, stay alive in series