More than 4000 websites, including many belonging to governments around the world, were hijacked this weekend by hackers who managed to plant CoinHive code created to exploit the computer power of visiting PCs and mine for cryptocurrency.
"Someone just messaged me to say their local government website in Australia is using the software as well".
"Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline", Texthelp chief technology officer Martin McKay said in a statement. The Queensland government's legislation website, the Queensland Civil and Administrative Tribunal and the Victorian Parliament were reportedly affected.
Scott Helme, a UK-based security researcher, has uncovered that a cryptocurrency mining script was injected in Text Help's accessibility services plugin called BrowseAloud. "There are easy ways to make sure they don't do that".
Suspect among 5 dead in Kentucky shooting spree: cops
Police say no other people were injured or transported to the hospital in addition to the two people who have already been killed. A 911 call about the vehicle led deputies to a second home in Paintsville where they found two other people dead in an apartment.
TextHelp, the company which operates BrowseAloud, confirmed to Sky News that they are taking the tool offline "whilst our engineering team investigates".
There were ways the government sites could have protected themselves from this.
The National Cyber Security Centre in the United Kingdom has given an official statement on the matter, assuring people that "Government websites continue to operate securely", further stating that "there is nothing to suggest that members of the public are at risk". "It may have been hard for a small website, but I would have thought on a government website we should have expected these defence mechanisms to be in place".
"This removed Browsealoud from all our customer sites immediately, addressing the security risk", he said.
"Texthelp can report that no customer data has been accessed or lost". Hackers are able to generate profit through crypto-jacking. The Queensland legislation website had taken further steps to get rid of the malicious script.