Government websites, including, pulled into cryptomining scheme

A third-party plugin co-opted sites, including ones belonging to the U.S. federal courts and D.C.'s public transit system, to mine Monero.
Fake coins with the Monero logo. (Getty)

A slew of government websites, including the site run by the United States federal court system, were among the thousands pulled into a cryptomining scheme via a third-party browser plugin.

Scott Helme, a security researcher based in the United Kingdom, found malicious code planted on websites through Browsealoud, an accessibility plugin that reads websites for people with vision problems. Since the plugin is added to a site’s source code, any site running the plugin was co-opted into running Coinhive in order to mine Monero.

Coinhive is one of the most popular pieces of malware currently online.


Among those affected are health care sites in the U.K., university sites in Sweden and makeup retail sites based in Brazil. In the U.S.,, Indiana’s state website and, the website for the Washington Metro Area Transit Authority, had the malicious code.

A spokesperson for the Administrative Office of U.S. Courts did not return a request of comment. A spokesperson for WMATA was unavailable.

After being alerted to the scheme, Browsealoud parent company TextHelp removed the plugin for further investigation.


“Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline,” said Martin McKay, the company’s CTO and data security officer. “This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action.”

The company says the code was only active for a period of four hours on Sunday.

Browsealoud will be kept offline until Tuesday in order to fully address the problem.

A partial list of websites can be found here.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts