In a startling discovery, it has been reported that more than 4,000 websites, including government websites in the US, Australia and the UK, were hijacked to secretly use processing power for mining cryptocurrencies. Acting on an alert from a friend, security researcher Scott Helme first reported the incident on the website of the UK’s Information Commissioner’s Office (ICO). The researcher was able to trace the script to more than 4,000 websites across the globe affected by this issue.
The hack was carried out using a modified accessibility plugin, which inserted obfuscated code to inject the infamous Coinhive miner into the targeted websites. This way, up to 40% of CPU power can be used for mining without your knowledge.
TextHelp, the company that owns the plugin, has taken the plugin down and confirmed that it was affected by the cyber-attack for four hours. However, it also confirmed that no customer data was accessed or lost in the attack.
Now, the UK’s National Cyber Security Centre has launched an investigation into the incident. Helme has also warned that the attack could have been more serious if this had been used in other prominent software used worldwide.