Over 4k Websites Get Infected With Cryptocurrency Mining Malware

Nearly 4000 websites including some top government websites from the UK and the US were found infected recently with a crypto-coins mining malware. The infection was first detected by Scott Helme, a UK based infosec consultant. The security agencies turned their heads towards it when Scott posted about it on Twitter.
When investigated more, the roots of the malware were found in a very popular plugin called Browsealoud that is offered by the renowned British firm, Texthelp, which reads web pages for blind or partially sighted people.
According to Martin McKay, CTO and Data Security Officer at Texthelp,
“In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year and our data security action plan was actioned straight away. Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline. This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.”
Texthelp also tells that there are no reports for any customer data accessed or lost. Well, this is a good news and the Browsealoud service has been temporarily taken offline. However, the company has stopped its services only till Tuesday 12:00 GMT. This issue is a great loss for Texthelp but Browsealoud has only been affected with this issue.
Martin McKay also confirmed in a statement,
“A security review will be conducted by an independent security consultancy. The investigation is ongoing, and customers will receive a further update when the security investigated has been completed.”