The rapidly increasing incidents of malware activities apparently show that crypto-jackers are devoid of any moral norms. Several governments, charitable organizations, colleges, technology firms have been exploited by cryptocurrency malware. US-based global non-profit organization Make-A-Wish Foundation is the latest in the list of targets of crypto-jackers.
Security experts from Trustwave discovered that the foundation’s website– worldwish.org was infected with a cryptojacking malware known as CoinImp. The malware defects the site with a malicious content to defraud and steal the details of visitors registering with the website. Hackers purportedly infected the worldwish.org domain in order to secretly mine cryptocurrency Monero (XMR).
As per researchers analyzing the development, the source of the malware is possibly Make-A-Wish’s choice to incorporate an old form of Drupal’s CMS (content management system).
Crypto-jacking contents have posed a tremendous threat in the previous year, affecting many sites worldwide. Not long ago, this year, analysts revealed that as part of the malware operation popularly known as ‘Drupalgeddon2, hackers were targeting around 100,000 Drupal websites. Trustwave firm speculates that the Drupalgeddon programmers may be liable for the malware attack on the Make-A-Wish Foundation’s website.
As per Trustwave, the malware script has since been expelled from the Make-A-Wish site.
Crypto-hackers have managed to misuse about 400 famous sites using old versions of Drupal like the US National Labor Relations Board (NLRB), Lenovo, a Chinese tech firm, D-Link, a Taiwanese hardware producer, and the University of California, Los Angeles (UCLA). However, not just Drupal destinations are in danger. Earlier this year, approximately 300,000 routers in India and Brazil were seen to be at risk with cryptocurrency mining malware.
According to a recent report by McAfee Labs, more than 2.5 million new crypto jacking contents were introduced just in the second quarter of 2018. Another interesting point that the research report exposed was that mining scripts were not always planned by crypto hackers. Even renowned organizations, charitable trusts have used these scripts to boost money for their initiatives, despite the skepticism showed by authorities regarding its efficiency.