Got a question? Call 1800 853 276 | Login
Criminals who take advantage of people with vision problems and well-meaning businesses are about as low as anyone can sink. The latest advisory from Stay Smart Online today tells how thousands of websites around the world which use a plugin ‘Browsealoud’ were attacked. The plugin adds speech, reading, and translation to websites facilitating access and participation for people with dyslexia, low Literacy, English as a Second Language (ESL), and those with mild visual impairments.
Over 4,200 sites, including a large number of U.S., U.K. and Australian government sites, were infected by a malicious version of Browsealoud, which caused cryptomining to run on the computers which visited the infected websites and ran the plugin, generating Monero cryptocurrency using the resources of the secondary target computers, that is, those owned by innocent people who needed the assistance of the plugin. The criminals gained financially by using the computing power of users’ PCs to generate cryptocurrency.
This technology was compromised by altering Browsealoud’s source code to silently inject Coinhive’s Monero miner into every webpage offering Browsealoud. The additional code was obfuscated or hidden by converting the ASCII (human readable) instruction to connect to Coinhive’s JavaScript miner to hexadecimal in an attempt to hide it.
Texthelp, the developers of Browsealoud, have taken action and removed the Java®-based software while investigating the issue.
The Java cryptomining software is only active while browsing on an infected machine which has visited an infected web server. As soon as the web browser is closed, the software ceases to operate.
This particular attack no longer exists, but it shows the vulnerability of our free and open internet system, and the necessity of ensuring that our computer software and anti-virus is kept up to date and that your Chief Information Security Officer is aware of current issues.
There are methods we discuss on EC-Council’s Certified Ethical Hacker and Certified Network Defender courses to let web administrators know when any changes have occurred on their websites so that they would be aware that modifications have been made to their web software, that they may have been attacked and thus take action accordingly. For more information, check out our EC-Council course schedule.
References: Stay Smart Online The Register Reuters
Stay safe, Terry Griffin
Principal Technologist: Security