Hackers have hijacked thousands of government websites to help them to stockpile cryptocurrencies such as Bitcoin.
Security researcher Scott Helme discovered the hack when a pal mentioned getting antivirus alerts on a UK Government website.
"We don't know how Texthelp were compromised yet, so it is hard to say whether they were really unlucky or there was some kind of inherent problem with what they were doing".
The secret code was found on pages for NHS trusts, councils, and even the Information Commissioner's Office - which deals with security breaches. The website plug-in helps people with dyslexia, low vision and low literacy use the Internet.
Oakland County represented at Olympics in South Korea
Canada's Tessa Virtue and Scott Moir , the reigning world champions, came in first with 80.51 points. Wardrobe malfunctions happen to the best of us - "regular" folks and celebrities alike.
It's unknown at this stage whether Browsealoud's code - made by Texthelp - was compromised by insiders or hackers on the outside, but The Register reports that those responsible used the plug-in as a backdoor to inject Coinhive Monero miner into any website using it.
"The affected service has been taken offline, largely mitigating the issue".
"If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from", Helme wrote on his blog. A single company being hacked has meant thousands of sites impacted across the UK, Ireland and the United States. Helme suggested government websites must be held to a higher security standard.
"Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline", Texthelp chief technology officer Martin McKay said in a statement.
The Queensland Government legislation website appears to be among the Australian sites affected.