As the year draws to a close, hackers are definitely working overtime to close it in a grand style. And from all indications, there is no limit to what they can do to achieve that goal. Not content with hijacking websites of colleges, cryptocurrency exchanges, media outlets, technology giants, and even celebrity accounts, hackers target charity websites as the next frontier to be breached. They have already made their intentions known by hacking the site of the US-based Make-A-Wish Foundation.

Researchers from Trustwave, a security firm, discovered that hackers had used a crypto malware called CoinImp to compromise worldwish.org, which is one of the sites belonging to the foundation.

How does the malware work?

Hackers infected the website with a malicious script that secretly steals visitors’ computing power to mine cryptocurrency. Trustwave researchers said the malware likely originated because Make-A-Wish used an outdated version of the Drupal content management system.

Earlier this year, hackers targeted nearly 100,000 Drupal sites in a malware campaign called “Drupalgeddon 2.” Trustwave suspects the same hackers behind Drupalgeddon also attacked the Make-A-Wish site. The site’s administrators have now removed the malicious script.

Over the past year, hackers have increasingly used crypto-jacking scripts to attack hundreds of websites worldwide.

They exploited about 400 major websites running outdated Drupal versions, including UCLA, D-Link, Lenovo, and the US National Labor Relations Board.

Besides Drupal sites, hackers infected over 300,000 routers in Brazil and India with mining malware. McAfee Labs reported that hackers installed more than 2.5 million new crypto-jacking scripts in just the second quarter of 2018.

It’s important to note that not all mining scripts are malicious. Charities like Change.org and UNICEF use mining scripts voluntarily to raise funds for their projects.

In conclusion

Hackers seem to not be resting on their oars as their latest victim appears to be the Make-A-Wish Foundation. Researchers from Trustwave discovered that hackers targeted charity websites by infecting worldwish.org, one of the foundation’s sites, with cryptocurrency malware called CoinImp.

To keep up with the latest happenings in the world of cryptocurrency, subscribe to the ICOholder’s newsletter.