News

ACSC statement on cryptocurrency miner inserted into BrowseAloud

Main points

  • The ACSC has become aware of an unauthorised cryptocurrency miner inserted in the BrowseAloud website plugin made by Texthelp.
  • If organisations are using this plugin the ACSC advises your internal networks and websites are not at risk of compromise.
  • Texthelp has released a statement advising that personal and customer data has not been accessed or lost.
  • The security issue has been addressed by Texthelp and the BrowseAloud plugin has been temporarily taken offline, pending investigation.

Recommendations

  • The ACSC recommends organisations review their use of third-party website plugins and where applicable consider implementing appropriate security controls. Open Web Application Security Project (OWASP) provides advice on managing third-party Javascript (see links below).

Links

Reports help the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk.

Cyber security incident reports are also used in aggregate for developing new defensive policies, procedures, techniques and training measures to help prevent future incidents.

Information for Australian businesses
Information for individual Australian citizens
Information for Federal, State and Local government agencies