November 23, 2018

Charity Foundation “Make-A-Wish” was targeted by crypto jacking attack



The attackers launched crypto jacking attack using a unpatched Drupal vulnerability inside the foundation website.


Using Drupalgeddon 2 vulnerability attackers were stealing the CPU resources from the visitor of the international website of Make-A-Wish. Researcher said they have found the CoinIMP crypto jacking script was embedded since last May inside the website which allows the attackers to mine Monero Crypto currency.


“Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their ‘wish’ to be rich, come ‘true,'” said Simon Kenin, security researcher with Trustwave.


According to kenin, the CoinIMP is a Javascript code, which is often used for crypto mining and feeding the miner the targeted user’s resources without their prior knowledge.

The investigation is showing the script was hosted from drupalupdates.tk’. which was using for organizing mining campaign using Drupalgeddon 2 vulnerability since May, 2018.


However the patch has been released for the critical bug (CVE-2018-7600), but many systems remain unpatched. Attackers use this advantage and targeted more than 115,000 websites.

According to Trustware this is very difficult to track the crypto jacking campaign as the script uses different techniques to avoid detection. It has modules which keeps on changing the hostname, which actually hosts the script. Then the Web socket proxy is also used different domains and IPs to avoid being blacklisted.


Kevin reached out to the Make-A-Wish foundation but the reply is yet to come. However the Website is free from this script now according to one spoke person of Ma-A-Wish foundation, he said “No Make-A-Wish International donor or constituent data was compromised by this incident. Make-A-Wish International is redoubling its efforts to maintain website security against third-party threats”. It is very important to apply patch periodically to avoid any kind of attack.

24 comments:

  1. Once you exchange Bitcoins, they are no more. You can't recover them without the beneficiary's assentTop 10 Trading

    ReplyDelete
  2. You have done a great job. I will definitely dig it and personally recommend to my friends. I am confident they will be benefited from this site. passive income with cryptos

    ReplyDelete
  3. We have sell some products of different custom boxes.it is very useful and very low price please visits this site thanks and please share this post with your friends. Private Bitcoin Exchange

    ReplyDelete
  4. The author has so wonderfully enthralled the consideration of group of onlookers by this radiant blog.
    God Gospel

    ReplyDelete
  5. Hello, I have browsed most of your posts. This post is probably where I got the most useful information for my research. Thanks for posting, maybe we can see more on this. Are you aware of any other websites on this subject. cable tv providers near me

    ReplyDelete
  6. An exceptionally complex method for composing, making impacts particularly in dialect and writing.
    cryptocurrency trading platform

    ReplyDelete
  7. It is especially decent, though look into the tips during this home address. https://www.donorpoints.com

    ReplyDelete
  8. Your blog is too much amazing. I have found with ease what I was looking. Moreover, the content quality is awesome. Thanks for the nudge! donorpoints

    ReplyDelete
  9. This technology is complex and will not be explained here, but it has the potential to revolutionize the financial services industry, as transactions can be executed quickly and easily, reducing or eliminating fees. The technology is also being examined for applications in many other industries. Getnode Erfahrung

    ReplyDelete
  10. You can do this effectively enough by enlisting with one of the trades which will have wallet for you. bitcoin escrow

    ReplyDelete
  11. With the increasing incidence of identity thefts, credit card frauds, social engineering attacks, the digital world is facing challenges in the years ahead. Obviously, cryptography, a young science, will play a prominent role in the security of protecting digital assets. This article tries to explain the basics of cryptography (encryption) using plain language. crypto

    ReplyDelete
  12. We are really grateful for your blog post. You will find a lot of approaches after visiting your post. I was exactly searching for. Thanks for such post and please keep it up. Great work. withdraw pkv games

    ReplyDelete
  13. You have done a great job. I will definitely dig it and personally recommend to my friends. I am confident they will be benefited from this site.crypto

    ReplyDelete
  14. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with extra information? It is extremely helpful for me. Bitcoin Tumbler

    ReplyDelete
  15. I was reading some of your content on this website and I conceive this internet site is really informative ! Keep on putting up. Best bitcoin cryptocurrency investment website

    ReplyDelete
  16. they are able to control frantic times with out a hitch. And really, persons can multitask forex trading what is forex trading

    ReplyDelete
  17. You additionally need to recall that individuals do information mining of the whois source, despite the fact that it is unlawful and it is expected for educational purposes as it were. seonocurenopay.com

    ReplyDelete
  18. I am happy to find your distinguished way of writing the post. Now you make it easy for me to understand and implement the concept. Thank you for the post. defi

    ReplyDelete
  19. it's applied to the series, and they've found a block. After an equivalent data series on the block matches up with the algorithm, the block of data has been unencrypted. The miner gets a reward of a specific amount of cryptocurrency. best source cryptocurrency

    ReplyDelete
  20. Your watchwords (and the subsequent improvement) ought to precisely mirror the substance of the page.Keywords ought to consistently reflect what is the issue here. Webdesign

    ReplyDelete
  21. The facts demonstrate that 44% of independent ventures don't have a site or blog.Webdesign-seo-antwerpen.be

    ReplyDelete
  22. This is a splendid website! I"m extremely content with the remarks!. P2PB2B Referral Code

    ReplyDelete