Cyber criminals seem to have reached a new low, as they have targeted the site of one of the most popular children’s foundations in the world and infected it with crypto mining malware.
In a published report this week, researchers from security firm Trustwave reported that a CoinImp crypto mining script was injected into the Make-A-Wish Foundation website and that this script used the computing the power of visitor’s to mine cryptocurrencies for the hackers.
The Make-A-Wish Foundation site was built on Drupal, a popular open-source content management system. Earlier this year, Drupal announced that there had been a vulnerability in their software that allowed hackers to inject malicious code into specific sites that had not incorporated their security patch. Just this spring, the Drupalgeddon 2 bug, a Remote Code Execution (RCE) vulnerability in older versions of Drupal, affected over 100,000 sites.
Trustwave researchers believe the Make-A-Wish Foundation website might have been compromised through the same vulnerability. The foundation subsequently identified and removed the malicious script in question.
Cryptojacking, which involves the use of malicious code to force other computer users to mine cryptocurrencies without their knowledge, has become a near-epidemic for internet users.
Earlier this year, a Citrix report revealed that a cryptojacking malware had hit at least 59% of UK companies at some point.
In India, cryptojacking is a menace, with over 300,000 routers in Brazil and India found to have been injected with crypto mining malware. The Economic Times (ET) revealed in September that Indian government websites had not been spared from this phenomenon, stating that widely trusted Indian portals had been exploited by the cryptojacking menace.
According to a security researcher quoted by ET, government websites were targeted due to the high number of online visitors and the trust these visitors have when they visit them.
“Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”
Internet security provider McAfee Labs weighed in on the epidemic last week, warning users of a new cryptojacking malware called “WebCobra,” which it said can operate without a trace on a victim’s computer.
The researchers went on to state:
“As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill.”
Featured Image from Johnny Silvercloud/Flickr