Make-A-Wish Site Infected With Crypto Mining Malware
As the year draws to a close, hackers are definitely working overtime to close it in a grand style. And from all indications, there is no limit to what they can do to achieve that goal. Not content with hijacking websites of colleges, cryptocurrency exchanges, media outlets, technology giants, and even celebrity accounts, the next frontier to be breached happens to be charitable organizations. And they have already made their intentions known by hacking the site of the US-based Make-A-Wish Foundation.
Researchers from Trustwave, a security firm, discovered that hackers had used a crypto malware called CoinImp to compromise worldwish.org, which is one of the sites belonging to the foundation.
How does the malware work?
It infects the website with a malicious script, which then steals the computing power of visitors in order to mine cryptocurrency secretly.
The Trustwave researchers noted that the “origin of the malware is likely Make-A-Wish decision to use an outdated version of Drupal content management system.”
It will be recalled that earlier in the year, researchers had reported that nearly 100,000 Drupal sites were targeted by hackers as part of a malware campaign, which was popularly christened “Drupalgeddon 2.” Trustwave researchers suspect that the hackers behind Drupalgeddon are also responsible for the hack on Make-A-Wish site. The malicious script has already been removed from the site according to Trustwave.
Over the past year, crypto-jacking scripts have become favored by hackers for attacking hundreds of websites around the world.
Four hundred major websites using Drupal outdated versions were exploited by hackers. Some of the sites included the University of California, Los Angeles (UCLA); D-Link, a Taiwanese network hardware manufacturer; Lenovo; and the US National Labor Relations Board (NLRB).
Apart from the Drupal sites infection, which occurred earlier this year, over 300,000 routers in Brazil and India were also discovered to be infected with mining malware. In fact, “a research conducted by McAfee Labs found that more than 2.5 million new crypto-jacking scripts were installed just in the second quarter of 2018.”
It is pertinent to note that not all mining scripts are planted by hackers. Charitable organizations such as Change.org and UNICEF normally use it on a volunteer basis to raise money for their projects.
Hackers seem to not be resting on their oars as their latest victim appears to be the Make-A-Wish Foundation. The attack, which was discovered by Researchers from Trustwave, was launched on worldwish.org, one of the foundation’s websites, and it had been infected with a cryptocurrency malware called CoinImp.
To keep up with the latest happenings in the world of cryptocurrency, subscribe to the ICOholder’s newsletter.