It is no news that cyber attacks and security have been at the forefront of the crypto world, especially after the series of attacks on crypto exchanges this year. However, in light of major advancements in the crypto world, other websites are also becoming targets of these threats.
US-based charity Make-A-Wish recently announced that its website had been hacked and loaded with crypto mining software programmed to mine Monero (XMR).
According to Trustwave's cybersecurity expert Simon Kenin, the attacker had embedded a script in the charity's website to mine the cryptocurrency using unsuspecting visitors' computing power.
According to the report released by the cybersecurity research firm, the attacker used the website's Drupal content management system (CMS) as a gateway for the malicious script. This was possible mainly because the Drupal installation needed an update to be fully secure.
As such, failure to update the Drupal CMS on websites such as the charity's opened the way for attacks. Drupal is an open source content management framework written in PHP on which websites are built.
The report further explained that, with Drupal present on numerous websites across the globe, it was relatively easy for this cryptojacking software to get onto websites. Kenin explained that the hacker embedded CoinIMP, a crypto mining software, into the website's code.
Simon Kenin stated that:
“Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their ‘wish’ to be rich, come ‘true’. It’s a shame when criminals target anyone but targeting a charity just before the holiday season? That’s low.”
Evolution of Mining Scripts Makes Detection of Malicious Scripts Harder
The report explained that the hacker avoided detection by changing the domain that hosted the malicious script, evading blacklisting by moving across various domains and IP addresses.
“A quick investigation showed that the domain ‘drupalupdates.tk’ that was used to host the mining script is part of a known campaign which has been exploiting Drupalgeddon 2 in the wild since May 2018,” the report stated.
As reported by XBT Network, the CoinIMP software used in this case lets its users mine two cryptocurrencies, Monero being one. Monero also offers its users untraceable transactions, which makes it attractive to the attacker.
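Because the script's host keeps changing, a blacklist of known mining domains lags behind the campaign; a site owner can instead audit which hosts the site's pages load scripts from against an allowlist. The following is an added example, not code from the Trustwave report; the allowlist, the sample page, the file names and the second host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site intentionally loads scripts from (assumed for the example).
ALLOWED_SCRIPT_HOSTS = {"www.example.org", "cdn.example.org"}

# Constructed sample page: one local script, one approved CDN script, and two
# third-party scripts. Only the domain drupalupdates.tk comes from the report.
SAMPLE_PAGE = """
<html><head>
<script src="/misc/drupal.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script src="//drupalupdates.tk/placeholder.js"></script>
<script SRC="https://Rotated-Host.example.net/placeholder.js"></script>
</head><body></body></html>
"""


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def unexpected_script_hosts(html, page_url, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return the sorted hosts that serve scripts but are not allowlisted."""
    page_host = urlparse(page_url).hostname
    collector = ScriptSrcCollector()
    collector.feed(html)
    flagged = set()
    for src in collector.sources:
        # Absolute and protocol-relative URLs carry their own host;
        # relative paths are served by the page's own host.
        host = urlparse(src).hostname or page_host
        if host not in allowed:
            flagged.add(host)
    return sorted(flagged)


if __name__ == "__main__":
    print(unexpected_script_hosts(SAMPLE_PAGE, "https://www.example.org/"))
```

This audit only covers scripts loaded by `src`; inline scripts need a separate integrity check of the page templates. A Content-Security-Policy `script-src` directive enforces the same allowlist in visitors' browsers.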