Cryptojacking Scheme Affects U.S. And U.K. Government Websites

Wit Olszewski/Shutterstock.com

The current cryptocurrency craze is creating new headaches for those in charge of security. 

Most recently, more than 4,200 websites secretly hijacked browsers to mine the cryptocurrency Monero due to a compromised accessibility plugin. Sites affected include those of the U.S. court information system, the UK's National Health Service and Australian legislatures, The Register reported.

The affected pages all ran the accessibility plugin Browsealoud, which helps users with visual impairment navigate websites. The cryptojackers modified the plugin to spread a JavaScript mining code from the cryptocurrency site Coinhive. The site takes a 30 percent cut of anything mined, and has been previously implicated in similar cryptojacking schemes, according to Gizmodo.

It's not known who was behind the scheme and whether the plugin, which is produced by the company Texthelp, was compromised by someone external or a company insider who decided to make a quick profit.

The mining only took place for a few hours on Sunday. In response, some government websites took their pages down. Texthelp disabled the plugin and is launching an investigation by an independent security company.