- #DRUPAL WEBSITES ARE VICTIMS TO CRYPTOJACKING CAMPAIGNS UPDATE#
- #DRUPAL WEBSITES ARE VICTIMS TO CRYPTOJACKING CAMPAIGNS PATCH#
- #DRUPAL WEBSITES ARE VICTIMS TO CRYPTOJACKING CAMPAIGNS SOFTWARE#
- #DRUPAL WEBSITES ARE VICTIMS TO CRYPTOJACKING CAMPAIGNS CODE#
They did so by taking advantage of a soft spot in the outdated version of the Drupal Content management system and installed the browser mining software Coinhive which uses the computational power of the website visitor to mine Monero. Troy Mursch said on Saturday that over three hundred websites have been affected by the attack with the hackers having installed Coinhive, the browser mining software. This attack has been discovered by the security researcher who works for the website Bad Packets Report.
In this recent most cryptojacking attack, hundreds of websites which make use of the Drupal Content Management system have been injected with the malicious software which is sued to mine cryptocurrencies by using other peoples’ computational power to mine Monero.
In a string of similar attacks which have been going on for a while now, hackers have managed to infect hundreds of websites with software which enables them to make use of other peoples’ computers to mine cryptocurrency for them through their browsers.
#DRUPAL WEBSITES ARE VICTIMS TO CRYPTOJACKING CAMPAIGNS UPDATE#
“If you’re a website operator using Drupal’s content management system, you need to update to the latest available version ASAP.The world of cryptocurrencies has never been one without its fair share of controversy and problems which constantly leads to people being skeptical about the alternative economic system. “This latest cryptojacking campaign is yet another example of Drupal websites being exploited on a mass scale,” Mursch said. More recently, attackers behind a ransomware attack hitting the Ukrainian Energy Ministry appear to have made use of the highly critical remote-code execution bug. Also, a botnet dubbed Muhstik installs cryptocurrency miners and launches DDoS attacks via compromised systems. Earlier in May, researchers at Imperva Incapsula found a cryptomining malware dubbed “kitty” targeting servers and browsers open to Drupalgeddon 2.0. The cryptomining campaign is only the most recent one to take advantage of the headache that is the Drupal glitch. Mursch said the US-CERT has been notified of the active campaign. The list of affected sites has been added to the spreadsheet. I've been monitoring the latest #cryptojacking campaign using upgraderservicescf to inject #Coinhive on vulnerable Drupal websites.
#DRUPAL WEBSITES ARE VICTIMS TO CRYPTOJACKING CAMPAIGNS CODE#
The campaign, which uses the domain name upgraderservicescf to inject Coinhive, impacts over 250 websites, including a police department’s website in Belgium and the Colorado Attorney General’s office.Ĭoinhive is a company that offers a Monero JavaScript miner to websites as a nontraditional way to monetize website content. Coinhive’s JavaScript miner software is often used by hackers, who sneakily embed the code into websites and then mine Monero currency by tapping the CPU processing power of unwitting site visitors’ phones, tablets and computers. Meanwhile, while the researcher was scanning for vulnerable sites, he also found yet another new cryptojacking campaign targeting Drupal websites. Mursch told Threatpost he has passed along the list of impacted sites to CERTs and other government organizations for help notifying them. Around 134,447 sites were not vulnerable. Of those sites, more than 115,000 were vulnerable, said Mursch, but it may be more: He said he could not ascertain the versions used for 225,056 of the sites. I've shared the list of 115,070 vulnerable Drupal sites with and Due to the highly critical risk of CVE-2018-7600 being exploited, the list won't be shared publicly. Mursch said he located almost 500,000 sites using Drupal 7 (the most widely used version) using the source-code search engine Publicwas not considered vulnerable, as Drupal CMS versions before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 are impacted (along with the Drupal 6 and 8.3.x and 8.4.x releases, according to Drupal). Drupalgeddon 2.0 “potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised,” according to MITRE’s Common Vulnerabilities and Exposures bulletin.
#DRUPAL WEBSITES ARE VICTIMS TO CRYPTOJACKING CAMPAIGNS PATCH#
According to researcher Troy Mursch, up to 115,070 sites are still vulnerable, including websites of a large television network, a mass media and entertainment conglomerate and two “well-known computer hardware manufacturers.”Ī patch for the critical remote-code execution bug ( CVE-2018-7600), has been available since March. educational institutions and government organizations around the world. When it was first revealed, the bug, which has been dubbed Drupalgeddon 2.0, impacted an estimated 1+ million sites running Drupal – including major U.S.
More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago.
0 kommentar(er)
