Cybercriminals are at it again, this time setting their sights on a charity foundation.
Last week, researchers at security firm Trustwave reported that they have found a CoinImp crypto mining script has been injected into the official website of Make-A-Wish Foundation. In a blog post, the Trustwave researchers said the malware has been mining cryptocurrencies since May 2018. CoinImp has been using the website visitors’ computing power to mine cryptocurrencies.
Upon further investigation, researchers discovered that the foundation’s website became vulnerable earlier this year when its domain host, Drupal, became vulnerable to CVE-2018-7600, a remote code execution bug popularly known as “Drupalgeddon 2.” Drupal, an open source content management system, claimed that the vulnerability allowed hackers to inject malicious malware into specific websites that had failed to add in their security patch.
Researchers have warned that Drupal-based websites need to be updated to avoid attacks from these and other malicious malware. Just this spring, the Drupalgeddon 2 bug, Remote Code Execution (RCE) vulnerability in the older versions of Drupal, affected more than 100,000 sites.
Meanwhile, McAfee Labs, an Internet security provider warned the public to watch out for a new cryptojacking malware called WebCobra. The company stated that unlike previous malware, the new cryptojacking malware could not be traced in the victim’s computer. The malware will slow down the user computer and consume a lot of power during its operations.
The Genesis protocol upgrade on February 4, 2020 is a monumental step in the history of Bitcoin, and will see BSV returned as close as possible to the original protocol as envisioned by Satoshi Nakamoto. Visit the Genesis Hard Fork page to learn more.
To receive the latest CoinGeek.com news, special discounts on CoinGeek Conferences and other inside information direct to your inbox, please sign up for our mailing list.