Malware miners managed to infect more than 400 big websites recently, resulting in the generation of large quantities of cryptocurrency for the attackers. The cryptojackers appear to have taken advantage of a flaw in content management system (CMS) Drupal to install the stealthy mining software under the nose of website owners.
Cryptojacking, the process of running cryptocurrency mining software on someone’s system without them realizing it, has become a hot trend in recent months. It even replaced ransomware as one of the top go-to methods for making money with malware. Although not as impactful to affected victims as ransomware or identity theft, it can still cause slowdowns on a system and potentially damage hardware if allowed to run rampant.
This latest cryptojacking craze has been termed “Drupalgeddon 2” by those who discovered it at BadPackets. It saw the hackers infiltrate websites that were running outdated and vulnerable versions of the Drupal CMS to install the cryptomining software Coinhive, as per PCMag. Although designed to allow website owners to monetize their users in ways other than advertising, Coinhive has been used by hackers to take advantage of vulnerable websites and their unwitting users.
A subsequent visit to sites affected by this latest attack forced visitors to run the software, generating cryptocurrency for the hackers. Affected sites included PC manufacturer Lenovo, the San Diego Zoo, and the government website for Chihuahua, Mexico. Some of these have now patched up the holes and removed the Coinhive software, though hundreds still have yet to do so.
The flaw that allowed the hackers to take advantage of this has been known about since March and Drupal has been updated by the developers since. However, not all websites have installed the necessary patches, which has left many vulnerable. Although 400-plus sites were infected in this latest attack, with more than a million sites using the CMS globally, there is real potential for further attacks of increased scope.
If you’re interested in mining cryptocurrencies yourself — legally — know that it’s far from easy to turn a profit. If you have cheap electricity and enough investment funds though, it is possible. Here’s how to get started.
If you’d rather just play a game that simulates it though, there’s always Bitcoin Tycoon.