Cryptojacking Attack Hits Hundreds of Websites to Mine Monero

 

Cryptojacking has been one of the most significant security threat researchers have been facing ever since cryptocurrencies took off last year. Mining requires computational power, and in return, miners are awarded a small amount of cryptocurrency. With cryptojacking, hackers infect machines and secretly use them to mine cryptocurrencies.

 

According to a report by the UK’s National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) titled The Cyber Threat to UK Business,“Cryptojacking will likely become a regular source of revenue for website owners.” In February this year, Tesla’s website was hacked to mine Monero.

Some website owners have implemented cryptojacking as a source of revenue for them. However, hackers have been targeting websites with inadequate security to implement cryptojacking. In these cases, both the website owner and the users do not know the existence of the malicious code.

According to a new report published by Bad Packets, more than 300 websites have been affected by cryptojacking malware due to a vulnerability in an outdated version of Drupal which is a content management system similar to WordPress. Initially, they were notified of cryptojacking on the websites of San Diego Zoo and the government of Chihuahua. On cross-referencing the two sites, the only common link was that both sites used an outdated version of Drupal.

Bad Packets Report@bad_packets

found on the website of the San Diego Zoo (@sandiegozoo) in the latest high-profile case of .

Coinhive was used in these sites to mine Monero. Coinhive is a JavaScript-based miner which can be implemented easily and runs on the browser as long as the site is open. Also, since it mines Monero which is a privacy-focused coin, it is hard to trace them.

Bad Packets Report@bad_packets

The campaign targeting the @sandiegozoo website is also affecting the website of the government of Chihuahua.
(@SFP_Chihuahua)http://chihuahua.gob.mx https://twitter.com/jcgarciagamero/status/992549470846976001 

Bad Packets Report@bad_packets

Similar story here — injected via the same library (jquery.once.js?v=1.2) pointing to http://vuuwd[.]com/t.js

Also an outdated installation. pic.twitter.com/fXv2sBsIVB

View image on TwitterView image on TwitterView image on TwitterView image on Twitter

Once they knew what they were looking for, they scanned the internet and found more than 350 affected websites that were affected by the bug. A lot of these websites were educational institutions and government organizations. Also, most of the affected websites were within the United States.

JavaScript was used to inject the malicious code on the affected websites and the malware only seems to affect sites that use an outdated version of Drupal. The security bug has been patched and if you are still running a site that uses an outdated version of Drupal, now would be a good time to upgrade.

Featured image from Shutterstock.

Follow us on Telegram.

AUTHOR: Vignesh Selvasundar

 

Linking Shareholders and Executives :Share Talk

If anyone reads this article found it useful, helpful? Then please subscribe www.share-talk.com or follow SHARE TALK on our Twitter page for future updates.

Terms of Website Use

All information is provided on an as-is basis. Where we allow Bloggers to publish articles on our platform please note these are not our opinions or views and we have no affiliation with the companies mentioned

WordPress Security