November 23, 2018

Charity foundation “Make-A-Wish” targeted by cryptojacking attack



The attackers launched a cryptojacking attack using an unpatched Drupal vulnerability in the foundation's website.


Using the Drupalgeddon 2 vulnerability, attackers were stealing CPU resources from visitors to the international website of Make-A-Wish. Researchers said they found that the CoinIMP cryptojacking script had been embedded in the website since last May, which allowed the attackers to mine the Monero cryptocurrency.


“Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their ‘wish’ to be rich, come ‘true,'” said Simon Kenin, security researcher with Trustwave.


According to Kenin, CoinIMP is JavaScript code that is often used for cryptomining; it feeds the miner the targeted user's resources without their knowledge.

The investigation shows the script was hosted on drupalupdates.tk, which has been used to run a mining campaign exploiting the Drupalgeddon 2 vulnerability since May 2018.


Although a patch has been released for the critical bug (CVE-2018-7600), many systems remain unpatched. Attackers took advantage of this and targeted more than 115,000 websites.

According to Trustwave, the cryptojacking campaign is very difficult to track because the script uses different techniques to avoid detection. It has modules that keep changing the hostname that hosts the script. The WebSocket proxy also uses different domains and IPs to avoid being blacklisted.
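Because the hosting name and the WebSocket proxy keep changing, a site owner gets more from checking pages against an allowlist of approved script hosts than from blocklisting known miner domains. The following is an added example, not code from the article or from Trustwave; the allowlist, the sample page and every host other than drupalupdates.tk are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: hosts this (hypothetical) site has approved for script and sockets.
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}
URL_IN_JS = re.compile(r"""(?:https?|wss?)://[^\s'"<>)]+""", re.I)

class ScriptAudit(HTMLParser):
    """Record every host a page loads script from or names inside inline script."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.in_script, self.hosts = page_url, False, set()

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:  # relative and //host/ forms resolve against the page URL
                host = urlparse(urljoin(self.page_url, src)).hostname
                self.hosts.add(("script-src", host))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:  # e.g. a WebSocket proxy URL in an inline loader
            for url in URL_IN_JS.findall(data):
                self.hosts.add(("inline-url", urlparse(url).hostname))

def unapproved_hosts(html, page_url, allowed=ALLOWED_HOSTS):
    """Return sorted (kind, host) pairs for hosts that are not on the allowlist."""
    audit = ScriptAudit(page_url)
    audit.feed(html)
    audit.close()
    return sorted((k, h) for k, h in audit.hosts if h and h not in allowed)

# Constructed sample page; only drupalupdates.tk comes from the article.
SAMPLE = """<html><head>
<script src="/core/misc/drupal.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script src="//drupalupdates.tk/constructed-path.js"></script>
<script>var s = new WebSocket("wss://ws-proxy-7.example.net/");</script>
</head></html>"""

if __name__ == "__main__":
    for kind, host in unapproved_hosts(SAMPLE, "https://www.example.org/"):
        print(f"unapproved {kind}: {host}")
```

The same allowlist can be enforced in the browser with a Content-Security-Policy that restricts `script-src` and `connect-src` to the approved hosts.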


Kenin reached out to the Make-A-Wish foundation but has yet to receive a reply. However, the website is now free of this script, according to a spokesperson for the Make-A-Wish foundation, who said: “No Make-A-Wish International donor or constituent data was compromised by this incident. Make-A-Wish International is redoubling its efforts to maintain website security against third-party threats”. It is very important to apply patches periodically to avoid this kind of attack.
