Government websites have quietly been running cryptocoin mining scripts
A security researcher has discovered thousands of legitimate websites — many belonging to local governments and government agencies — running scripts that secretly force visitors’ computers to mine cryptocoins.
In the UK, the websites of both the Information Commissioner’s Office and the Student Loan Company have been found to be affected. The mining scripts were also found on the websites of the General Medical Council and NHS Inform.
Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… pic.twitter.com/xQhspR7A2f
On the other side of the pond, the websites belonging to the Indiana Government and the US courts system were also discovered to be running the CoinHive mining software.
The issue stems from a piece of software called BrowseAloud, which is embedded on all affected sites. BrowseAloud offers accessibility services, assisting those with literacy or visual impairments to access government services and information.
There is no suggestion of wrongdoing by the aforementioned sites, nor TextHelp (the owner of BrowseAloud).
It appears that at some point on Sunday, an unknown third party modified BrowseAloud to covertly inject the CoinHive mining software. TextHelp has since withdrawn the BrowseAloud plugin while it addresses the issue.
It seems like the @texthelp script file was modified between Sun, 11 Feb 2018 02:58:04 GMT and Sun, 11 Feb 2018 13:21:56 GMT according to the @internetarchive: https://t.co/jwKLA6mq7N https://t.co/ZHiUJXBpxC
Cryptojacking is a problem most commonly associated with the seedier aspects of the Internet. Some sites often struggle to attract typical advertisers, like those in the porn and file sharing spaces. In order to keep the lights on, they instead resort to using their visitors’ spare CPU power to mine cryptocoins.
On one hand, cryptojacking is less visibly intrusive than traditional advertising. That’s not much of a defense though, and it comes with several major downsides.
Users with these scripts running find their computers inexplicably slower. Their machines might also run hot. If they’re on a mobile device, battery life will be adversely affected.
It’s pretty astonishing to see cryptojacking scripts running on legitimate government webpages. In this case, security researchers identified the issue quickly.
The biggest takeaway from this incident is that, no matter your browsing habits, cryptojacking is a threat you should protect yourself from.
The most well-known content blocker that explicitly deals with cryptojacking is No Coin. This plugin is available for Firefox, Chrome, and Opera.
Should you want something that’s baked deeply into the browser, both the desktop and mobile versions of Opera come with cryptojacking protections built in.