BSV
$72.5
Vol 131.72m
8.82%
BTC
$98763
Vol 60402.19m
0.66%
BCH
$532.77
Vol 1694.38m
10.58%
LTC
$103.21
Vol 2320.64m
14.38%
DOGE
$0.46
Vol 23483.42m
14.99%
Getting your Trinity Audio player ready...

Cryptojacking attacks are becoming increasingly prevalent, as scammers exploit vulnerabilities in websites to hack the resources of unsuspecting visitors. This type of scam, which mines cryptocurrency for the hackers in the background, has already affected a number of websites, leveraging cloud-based mining to turn attacks into cash.

Now, it looks as though a new, major wave of cryptojacking attack is underway, specifically targeting websites using the Drupal content management system (CMS).

Security researcher Troy Mursch recently revealed on Bad Packets Report website how hackers have deployed cloud-mining script Coinhive in websites including San Diego Zoo, and Mexico’s Chihuahua government, amongst others. Initial reports uncovered as many as 400 similarly affected sites, including a number of domains operated by universities and government agencies.

In both of the above examples, the script was injected in the “/misc/jquery.once.js?v=1.2” JavaScript library, which researchers extrapolated to identify countless other examples of the hack in action.

Cryptojacking significantly increases CPU usage for website visitors, and can undermine important digital infrastructure—the list of affected government sites as an example in this case. In some cases, because CPU usage is unthrottled, devices can overheat, with 100 percent of their processing power being used up in the mining process.

So what can website administrators do to protect against these threats? Mursch recommended vulnerable websites immediately take steps to protect themselves.

“We’ve seen plenty examples of Drupalgeddon 2 being exploited in the past few weeks,” he wrote. “This is yet another case of miscreants compromising outdated and vulnerable Drupal installations on a large scale. If you’re a website operator using Drupal’s content management system, you need to update to the latest available version ASAP.”

Although the Drupal security already has an FAQ documenting the risk level and mitigation steps, Mursch advised users “to take further remediation steps” because “installing the update won’t retroactively ‘unhack’” the website.

With attacks of this kind likely to become increasingly common, a greater awareness of the risks is required. The development will be concerning for website owners, but serves as a reminder of the importance of using the latest versions of any CMS.

Recommended for you

David Case gets technical with Bitcoin masterclass coding sessions
Whether you're a coding pro or a novice, David Case's livestream sessions on the X platform are not to be...
November 21, 2024
NY Supreme Court’s ruling saves BTC miner Greenidge from closing
However, the judge also ruled that Greenidge must reapply for the permit and that the Department of Environmental Conservation has...
November 20, 2024
Advertisement
Advertisement
Advertisement