More than 4,000 sites have been affected, according to security researcher Scott Helme, after a third-party service they used was infected with the Coinhive cryptocurrency miner.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Sites can ensure third-party libraries haven't been tampered with by using the Subresource Integrity (SRI) attribute in the HTML script tag.
Government websites in the US, UK and Australia have been serving visitors cryptomining malware after a third-party service was compromised.
The sites are among more than 4,000 affected on Sunday, according to security researcher Scott Helme, after a third-party service they used was infected with the Coinhive cryptocurrency miner.
In the UK, affected websites included the Information Commissioner's Office, the Student Loans Company, and the UK National Health Service (NHS) Scotland; in the US, uscourts.gov; and in Australia, the Queensland government portal.
"If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from," Helme writes.
"In short, this could have been totally avoided by all those involved even though the file was modified by hackers," the researcher says. "I guess, all in all, we really shouldn't be seeing events like this happen on this scale to such prominent sites."
Helme found that the Browsealoud library was updated to include the cryptocurrency miner at around 3am GMT on Sunday, and the malware appears to have been served to website visitors during a four-hour period that day.
Texthelp said Browsealoud has since been removed from "all our customer sites" and added that no customer information was exposed. However, the ICO website was still offline at the time this article was published.
Commenting on the incident, a spokesperson for the UK National Cyber Security Centre (NCSC), part of the intelligence agency GCHQ, said there is "nothing to suggest that members of the public are at risk", but added that its experts were examining the incidents.