Sorry, you need to enable JavaScript to visit this website.
Skip to main content

ACSC statement on cryptocurrency miner inserted into BrowseAloud

Browsealoud

Main points

  • The ACSC has become aware of an unauthorised cryptocurrency miner inserted in the BrowseAloud website plugin made by Texthelp.
  • If organisations are using this plugin the ACSC advises your internal networks and websites are not at risk of compromise.
  • Texthelp has released a statement advising that personal and customer data has not been accessed or lost.
  • The security issue has been addressed by Texthelp and the BrowseAloud plugin has been temporarily taken offline, pending investigation.

Recommendations

  • The ACSC recommends organisations review their use of third-party website plugins and where applicable consider implementing appropriate security controls. Open Web Application Security Project (OWASP) provides advice on managing third-party Javascript (see links below).

Links

Date
February 12th, 2018