County council targeted in scam
WEXFORD County Council was among a number of public service organisations and companies hit by so-called coin-jacking software over the weekend.
The malicious code turns any computer that connects to the infected website into a device that mines or generates a cryptocurrency similar to Bitcoin.
Bodies hit by the scam included Wexford County Council, Dublin City Council and Fingal, Cork and Offaly county councils, the Department of Agriculture, Dublin City Council and Fingal, Cork, Wexford, Offaly county councils, the Houses of the Oireachtas, the Broadcasting Authority of Ireland, Women’s Aid and the Central Remedial Clinic. As far as is known none of the attempts were successful
The Register website, which first reported the story, said the problems started just before noon on Sunday when the malicious code was inserted by hackers into a popular website plugin called Browsealoud, made by British firm Texthelp, which converts web text into the spoken word for people who are visually impaired.
The plugin then compromised all the websites it was running on that were not protected, security experts say.
In total, more than 4,200 websites in multiple countries, including Ireland, the UK, the US and Australia, were impacted as a result. The Register said that ‘for several hours today (Sunday), anyone who visited a site that embedded Browsealoud, inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper’. The malicious code inserted cryptocurrency mining software from Coinhive into the Browsealoud plugin.
This meant any PC, tablet or phone that connected to the websites was turned into a mining machine for the cryptocurrency Monero, which is similar to Bitcoin. Texthelp has since taken down the service.