Hackers Injecting Malicious Scripts Into Government Websites


Hackers use to breach for defacement to get attention but now the trend has shifted towards injecting malicious scripts into websites to mine cryptocurrencies.

Security researcher Scott Helme first discovered the mining malware which he finds that it was running on more than, 4,000 sites, including U.K.’s Information Commissioner’s Office and on American Court System.

Visitors who visited the hacked websites immediately had their computers' processing power hijacked, also known as crypto jacking, to mine cryptocurrency without their knowledge, potentially generating profits for the unknown hacker or group of hackers.

It turns out that hackers managed to hijack a popular third-party accessibility plugin called "Browsealoud," used by all these affected websites, and injected their cryptocurrency-mining script into its code.

Browsealoud is a popular third-party browser plugin that helps blind and partially-sighted users access the web by converting site text to audio.

Article Reference: