Cryptojacking hackers infected 400 major websites with stealth miners

Malware miners managed to infect more than 400 big websites recently, resulting in the generation of large quantities of cryptocurrency for the attackers. The cryptojackers appear to have taken advantage of a flaw in content management system (CMS) Drupal to install the stealthy mining software under the nose of website owners.

Cryptojacking, the process of running cryptocurrency mining software on someone’s system without them realizing it, has become a hot trend in recent months. It even replaced ransomware as one of the top go-to methods for making money with malware. Although not as impactful to affected victims as ransomware or identity theft, it can still cause slowdowns on a system and potentially damage hardware if allowed to run rampant.

This latest cryptojacking craze has been termed “Drupalgeddon 2” by those who discovered it at BadPackets. It saw the hackers infiltrate websites that were running outdated and vulnerable versions of the Drupal CMS to install the cryptomining software Coinhive, as per PCMag. Although designed to allow website owners to monetize their users in ways other than advertising, Coinhive has been used by hackers to take advantage of vulnerable websites and their unwitting users.

A subsequent visit to sites affected by this latest attack forced visitors to run the software, generating cryptocurrency for the hackers. Affected sites included PC manufacturer Lenovo, the San Diego Zoo, and the government website for Chihuahua, Mexico. Some of these have now patched up the holes and removed the Coinhive software, though hundreds still have yet to do so.

The flaw that allowed the hackers to take advantage of this has been known about since March and Drupal has been updated by the developers since. However, not all websites have installed the necessary patches, which has left many vulnerable. Although 400-plus sites were infected in this latest attack, with more than a million sites using the CMS globally, there is real potential for further attacks of increased scope.

If you’re interested in mining cryptocurrencies yourself — legally — know that it’s far from easy to turn a profit. If you have cheap electricity and enough investment funds though, it is possible. Here’s how to get started.

If you’d rather just play a game that simulates it though, there’s always Bitcoin Tycoon.

Smart Home

After camera hacks, Nest locks customers out until they change their password

Nest is locking people out of their accounts if it believes there may have been a breach. Users will have to set up a new, secure password before they are able to regain access to their account.

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.

Having problems with your Xbox One console? We have the solutions

The Xbox One has evolved over the years, but so have its problems. Thankfully, we have solutions for some of the console's most enduring problems, whether you're experiencing issues with connectivity or your discs.

You're never too broke to enjoy the best free-to-play games

Believe it or not, free-to-play games have evolved into engaging, enjoyable experiences. Here are a few of our favorites that you can play right now, including Warframe and the perennially popular League of Legends.

New Chrome feature aimed at preventing websites from blocking Incognito Mode

A new Chrome feature will prevent websites from blocking Chrome users as they browse using Incognito Mode. The feature is supposed to fix a known loophole that allows websites to detect and block those using Incognito Mode.

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.

Microsoft extension adds Google Chrome support for Windows Timeline

The Windows Timeline feature is now much more versatile thanks to the added support for Google's Chrome browser. All you need to do to increase its functionality is to download the official Chrome extension.

Chrome is a fantastic browser, but is is still the best among new competitors?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Movies & TV

Here’s how to watch the 2019 Oscars livestream online

The 91st Academy Awards will air live on ABC, but there are also a number of ways to watch Hollywood's biggest night online using your mobile device, desktop, or set-top streamer. Here's how to catch the Oscars livestream.

YouTube changes its strikes system, offers softer first-offense penalty

YouTube announced changes to its strikes system for its content creators. The changes include a softer first-offense penalty for creators who violate YouTube's guidelines and more consistent penalties for further violations.

An experimental feature could help reduce memory usage in Google Chrome

Google Chrome might be the most popular web browser, but it also is a resource hog. Google is currently working on an experimental feature for Chrome which sets out to reduce its overall memory usage. 

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. The best free drawing software is just as powerful as some of the more expensive offerings.

Edit, sign, append, and save with six of the best PDF editors

Though there are plenty of PDF editors to be had online, finding a solution with the tools you need can be tough. Here are the best PDF editors for your editing needs, no matter your budget or OS.

Rid yourself of website notification requests in just a few easy steps

Wish you knew how to block browser and website notifications? You can do it on a case by case basis, but that can become dull after the 10th site has asked for your approval. Here's how to block them outright.