BSV
$67.45
Vol 132.49m
-6.14%
BTC
$98665
Vol 98712.86m
1.18%
BCH
$486.83
Vol 1118.17m
-2.44%
LTC
$91.32
Vol 1135.3m
1.37%
DOGE
$0.4
Vol 10350.16m
3.67%
Getting your Trinity Audio player ready...

Cybercriminals are at it again, this time setting their sights on a charity foundation.

Last week, researchers at security firm Trustwave reported that they have found a CoinImp crypto mining script has been injected into the official website of Make-A-Wish Foundation. In a blog post, the Trustwave researchers said the malware has been mining cryptocurrencies since May 2018. CoinImp has been using the website visitors’ computing power to mine cryptocurrencies.

Upon further investigation, researchers discovered that the foundation’s website became vulnerable earlier this year when its domain host, Drupal, became vulnerable to CVE-2018-7600, a remote code execution bug popularly known as “Drupalgeddon 2.” Drupal, an open source content management system, claimed that the vulnerability allowed hackers to inject malicious malware into specific websites that had failed to add in their security patch.

The CoinImp miner is based on the JavaScript and is generally used by individuals who secretly want to mine Monero currency using visitor’s phone, tablet or computer.

This particular cryptojacking incident was difficult to find because it used different techniques to avoid detection, according to Trustwave’s Simon Kenin. First, the malware changes the domain name that hosts the JavaScript miner. In addition, the WebSocket proxy also used different domains and IPs to avoid blacklist solutions.

Researchers have warned that Drupal-based websites need to be updated to avoid attacks from these and other malicious malware. Just this spring, the Drupalgeddon 2 bug, Remote Code Execution (RCE) vulnerability in the older versions of Drupal, affected more than 100,000 sites.

Meanwhile, McAfee Labs, an Internet security provider warned the public to watch out for a new cryptojacking malware called WebCobra. The company stated that unlike previous malware, the new cryptojacking malware could not be traced in the victim’s computer. The malware will slow down the user computer and consume a lot of power during its operations.

Recommended for you

David Case gets technical with Bitcoin masterclass coding sessions
Whether you're a coding pro or a novice, David Case's livestream sessions on the X platform are not to be...
November 21, 2024
NY Supreme Court’s ruling saves BTC miner Greenidge from closing
However, the judge also ruled that Greenidge must reapply for the permit and that the Department of Environmental Conservation has...
November 20, 2024
Advertisement
Advertisement
Advertisement