Public service websites among those affected by 'coin-jacking' attack

Irish public service organisations and companies are moving to ensure their websites are secure after dozens were reportedly compromised by so-called coin-jacking software.

The malicious code turns any computer that connects to the infected website into a device that mines or generates a particular cryptocurrency on behalf of those behind the operation.

The Health Service Executive was among dozens of Irish based bodies whose websites were on a list of those that had been affected.

A spokesperson for the HSE said the organisation had taken the necessary steps to minimise the risk from the attack.

Other websites reportedly impacted include those of the Department of Agriculture, Dublin City Council and Fingal, Cork, Wexford, Offaly county councils, the Houses of the Oireachtas, the Broadcasting Authority of Ireland, Women's Aid and the Central Remedial Clinic.

According to The Register, which first reported the story, the problems started just before midday yesterday when the malicious code was inserted by hackers into a popular website plugin called Browsealoud, made by British firm Texthelp.

It converts website text into spoken word for people who are visually impaired.

The plugin then compromised all the websites it was running on that were not protected, security experts say.

In total, more than 4,200 websites in multiple countries, including Ireland, the UK, the US and Australia, were impacted as a result. 

The malicious code inserted cryptocurrency mining software from Coinhive into the Browsealoud plugin. 

This meant any PC, tablet or phone that connected to the websites was turned into a mining machine for the cryptocurrency Monero, which is similar to Bitcoin.

The miner stops when the browser disconnects from the website that has been compromised.

Texthelp has since taken down the service, which should render the plugin, and therefore the infection, inactive.

There are no indications so far of any data being compromised on any of the websites that were infected.

The infection was first spotted by British-based information security consultant Scott Helme.