Make-A-Wish-Foundation Website Becomes Latest Victim Of Crypto Mining Malware

Crypto jacking, which involves the use of malicious code to force other computer users to mine cryptocurrencies without their knowledge, has become a near-epidemic for internet users and many websites and major companies across the globe are falling victims to the same. The latest known victim of crypto jacking is the site of one of the most popular children’s foundations in the world “Make a Wish Foundation”. According to report published earlier last week, researchers from security firm Trustwave reported that a CoinImp crypto mining script was injected into the Make-A-Wish Foundation website and that this script used the computing power of visitor’s to mine cryptocurrencies for the hackers.

The Make-A-Wish Foundation site was built on Drupal, a popular open-source content management system. Earlier this year, Drupal announced that there had been vulnerability in their software that allowed hackers to inject malicious code into specific sites that had not incorporated their security patch. Just this spring, the Drupalgeddon 2 bug, Remote Code Execution (RCE) vulnerability in older versions of Drupal, affected over 100,000 sites. It is the belief of Trustwave researchers that the Make-A-Wish Foundation website might have been compromised with the malicious script in question through the same vulnerability which was subsequently identified and removed by the foundation.

Earlier this year, a Citrix report revealed that a crypto jacking malware had hit at least 59% of UK companies at some point. In India, crypto jacking is a menace, with over 300,000 routers in Brazil and India found to have been injected with crypto mining malware. The Economic Times (ET) revealed in September that Indian government websites had not been spared from this phenomenon, stating that widely trusted Indian portals had been exploited by the crypto jacking menace. According to a security researcher quoted by ET, government websites were targeted due to the high number of online visitors and the trust these visitors have when they visit them. ..Read More..

Leave a Reply

Your email address will not be published.