Make-A-Wish-Foundation Website Becomes Latest Victim Of Crypto Mining Malware
Crypto jacking, which involves the use of malicious code to force other computer users to mine cryptocurrencies without their knowledge, has become a near-epidemic for internet users and many websites and major companies across the globe are falling victims to the same. The latest known victim of crypto jacking is the site of one of the most popular children’s foundations in the world “Make a Wish Foundation”. According to report published earlier last week, researchers from security firm Trustwave reported that a CoinImp crypto mining script was injected into the Make-A-Wish Foundation website and that this script used the computing power of visitor’s to mine cryptocurrencies for the hackers.
The Make-A-Wish Foundation site was built on Drupal, a popular open-source content management system. Earlier this year, Drupal announced that there had been vulnerability in their software that allowed hackers to inject malicious code into specific sites that had not incorporated their security patch. Just this spring, the Drupalgeddon 2 bug, Remote Code Execution (RCE) vulnerability in older versions of Drupal, affected over 100,000 sites. It is the belief of Trustwave researchers that the Make-A-Wish Foundation website might have been compromised with the malicious script in question through the same vulnerability which was subsequently identified and removed by the foundation.