Cryptojacking: Dutch government websites use hacked plugin to mine cryptocurrency
The websites of dozens of Dutch municipalities and various government websites in the United Kingdom and United States were infected with malware that hijacked site visitors' processing power to mine cryptocurrency Monero. Over 4,200 websites were affected worldwide, NU.nl reports.
When mining cryptocurrency, the processing power of a computer is used to validate transactions on the cryptocurrency network. Those who make their computers available for this are rewarded with crypto coins.
All affected websites use the popular plug-in Browsealoud, which reads websites out loud for people with visual impairments. Hackers injected code into the plug-in which mined cryptocurrency Monero using the computers of people who visited the site. The Monero coins received as a reward for the mining, went to the hackers. In this case, the malware only worked as long as the affected web page was active. As soon as the site is closed, the mining also stops.
According to NOS, more than a hundred Dutch sites were used to mine Monero, including the websites of Eindhoven and Utrecht's libraries, and the municipal sites of Bergen op Zoom and Wageningen. Lexima, the Dutch provider of Browsealoud, confirmed to the broadcaster that the plug-in was misused in this way for around 4 hours on Sunday.
According to a spokesperson for Texthelp, the company that developed Browsealoud, the plug-in was temporarily taken offline. It will be put back online once this problem is resolved. No customer data was leaked, the spokesperson added.