Troy Mursch: Cryptojacking miner infects outdated Drupal sites

07.05.2018

Hackers have infected hundreds of sites running the Drupal content management system (CMS) with malware used to mine the cryptocurrency Monero.

This incident was uncovered by Troy Mursch, a security researcher at the Bad Packets Report website. He wrote that more than 300 sites were compromised by hackers who exploited a vulnerability in an outdated version of the Drupal CMS to install Coinhive mining software, which mines Monero.

"Cryptojacking", as these attacks are called, has become a common problem in recent months. Previously, hackers preferred extortion, simply blocking data on victims' computers and demanding ransom in bitcoins or other cryptocurrencies. However, they are now increasingly infecting sites with scripts that use visitors' computers to mine cryptocurrency for the attackers.

Troy Mursch notes that although cryptojacking is not as dangerous as extortion by direct infection, this attack continues to be a problem, especially for site operators. He explained:

"Coinhive and similar programs work on JavaScript. Every modern browser and device can run JavaScript, so anyone can mine cryptocurrency, and, unfortunately, Coinhive is increasingly used for hidden mining. In this particular case, using Drupal sites, you need to update the system as soon as possible."

Among the affected sites are the San Diego Zoo, the US National Labor Relations Council, the Marion and Ohio City websites, the Aleppo University, the Ringling College of Art and Design and the Chihuahua Government website in Mexico. A full list of affected sites can be found using Google.

Visitors to these sites may not even notice that their computers are mining cryptocurrency for hackers. The attacks slow down users' devices and can cause premature wear of computer equipment within months.

However, not all Coinhive users run it for malicious purposes. The Salon newsletter and the UNICEF organization use browser-based mining to raise funds for charity and run it with the permission of the site's visitors.

Make sure your favorite site is not keeping your CPU load high for a long time. That might turn out to be a case of cryptojacking, in which computer resources are stolen for the benefit of crypto miners you know nothing about.
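
Site operators can also check the HTML their server actually sends for an embedded miner. The sketch below is an added example, not code from the article or from Bad Packets Report; the indicator strings are Coinhive's publicly known script and API names (an assumption, since the article lists none), and the sample pages are constructed.

```javascript
// Added example: scan served HTML for signs of a Coinhive in-browser miner.
// Indicator strings are Coinhive's publicly known names, not from the article.
const INDICATORS = [
  { name: 'coinhive-library', re: /coinhive(\.min)?\.js/i },
  { name: 'coinhive-host', re: /\bcoinhive\.com\b/i },
  { name: 'coinhive-api', re: /\bCoinHive\.(Anonymous|User|Token)\s*\(/ },
  { name: 'opt-in-variant', re: /\bauthedmine\.com\b/i },
];

// Return every <script> element as { src, body }.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const srcMatch = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    scripts.push({ src: srcMatch ? srcMatch[1] : null, body: m[2] });
  }
  return scripts;
}

// Check both the src attribute and the inline body of each script.
function findMinerIndicators(html) {
  const findings = [];
  for (const s of extractScripts(html)) {
    const haystack = `${s.src || ''}\n${s.body}`;
    for (const ind of INDICATORS) {
      if (ind.re.test(haystack)) {
        findings.push({ indicator: ind.name, src: s.src });
      }
    }
  }
  return findings;
}

// Constructed sample pages (site key is a placeholder).
const SAMPLE_INFECTED = `<html><head>
<script src="/misc/jquery.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER'); miner.start();</script>
</head><body>Hello</body></html>`;
const SAMPLE_CLEAN = `<html><head><script src="/misc/jquery.js"></script></head></html>`;

console.log(findMinerIndicators(SAMPLE_INFECTED));
```

A loader that has been renamed, obfuscated or served from another host will not match these strings, so a clean result is inconclusive; comparing served JavaScript files against known-good copies from the Drupal release covers that case.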
