Cybercriminals got their wish to infect the Make A Wish Foundation website with malware: security experts found the CoinImp crypto mining script on the foundation’s site.
Although the site is all about making wishes come true for kids with critical illnesses, to cybercriminals it’s just another critical target for their cryptojacking exercises. According to security company Trustwave, cybercriminals infected the Make A Wish Foundation website by exploiting a vulnerability in the content management system hosting its site. After gaining access to the website, they were able to inject the CoinImp crypto mining malware and mine cryptocurrency.
Drupal is the open source content management platform hosting the Make A Wish Foundation site. Earlier this year, Drupal announced it had discovered a vulnerability in its platform that hackers were using to inject malicious code into affected systems. Through the loophole, the hackers were able to inject malware on websites that hadn’t installed the security patch released by Drupal. According to reports, the Drupalgeddon 2 bug found in older versions of the platform led to 100,000 sites getting attacked in spring. Drupalgeddon 2 is a Remote Code Execution (RCE) bug. According to security experts, this is the same vulnerability used to inject the malware into the Make A Wish Foundation site.
The Magnitude of the Malware
According to security experts, the scope of cryptojacking malware is vast and is still increasing on a daily basis. According to a Citrix report released early this year, 59% of sites in the UK are victims of cryptojacking exercises. The numbers might be higher than the 59% reported in the UK, since the malware is injected without the user’s knowledge. Besides the CoinImp malware, McAfee Labs has informed the public about a new malware, WebCobra. WebCobra is hard to trace since it can operate without leaving a trace. For the victims, all they get is a huge utility bill and a slow computer.
Apart from the Make A Wish Foundation, the Indian government was hit hard by malware that crippled several government sites in September. In Brazil, meanwhile, 300,000 routers have been infected with malware. From the look of things, cybercriminals are targeting commonly used websites, such as government sites, which have thousands of visitors. By combining these sites’ computing power with that of their visitors, cybercriminals gain massive computing power to mine cryptocurrency.