Update - 15:44 on 11th February 2018
The site hosting the compromised plugin has been taken offline to mitigate the issue. The question now is how long the plugin has been compromised and what steps will be taken to ensure more serious breaches don't occur in future.
While a hidden cryptominer is a serious issue, it is relatively benign compared to code that steals visitors' private information. At this time there is no suggestion that anything of that kind has happened.
The snafu was first noticed by infosec consultant Scott Helme, who posted his findings on Twitter. He noticed that a plugin provided by browsealoud.com had been compromised. The plugin is used on government sites, amongst others, to provide audio versions of the text on pages for those with vision or reading issues.
At the time of writing, a total of 4,275 sites load the compromised script, and at least twenty of them are UK government, NHS or academic sites. National government sites in the US and New Zealand, amongst others, are also affected.
This situation highlights the risk of serving third-party code on websites: one compromise of a single script has resulted in the visitors of thousands of legitimate sites being used to mine cryptocurrency against their wishes, without any of those sites having been breached themselves.
A full list of the sites linking to this plugin is here...
Last updated: 11/02/2018 15:53:42