Cryptojacking malware hits Make-A-Wish Foundation site

Cybercriminals are at it again, this time setting their sights on a charity foundation.

Last week, researchers at security firm Trustwave reported that they have found a CoinImp crypto mining script has been injected into the official website of Make-A-Wish Foundation. In a blog post, the Trustwave researchers said the malware has been mining cryptocurrencies since May 2018. CoinImp has been using the website visitors’ computing power to mine cryptocurrencies.

Upon further investigation, researchers discovered that the foundation’s website became vulnerable earlier this year when its domain host, Drupal, became vulnerable to CVE-2018-7600, a remote code execution bug popularly known as “Drupalgeddon 2.” Drupal, an open source content management system, claimed that the vulnerability allowed hackers to inject malicious malware into specific websites that had failed to add in their security patch.

The CoinImp miner is based on the JavaScript and is generally used by individuals who secretly want to mine Monero currency using visitor’s phone, tablet or computer.

This particular cryptojacking incident was difficult to find because it used different techniques to avoid detection, according to Trustwave’s Simon Kenin. First, the malware changes the domain name that hosts the JavaScript miner. In addition, the WebSocket proxy also used different domains and IPs to avoid blacklist solutions.

Researchers have warned that Drupal-based websites need to be updated to avoid attacks from these and other malicious malware. Just this spring, the Drupalgeddon 2 bug, Remote Code Execution (RCE) vulnerability in the older versions of Drupal, affected more than 100,000 sites.

Meanwhile, McAfee Labs, an Internet security provider warned the public to watch out for a new cryptojacking malware called WebCobra. The company stated that unlike previous malware, the new cryptojacking malware could not be traced in the victim’s computer. The malware will slow down the user computer and consume a lot of power during its operations.