New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

Make-A-Wish Targeted in Cryptojacking Attack

Make-A-Wish never patched the Drupal vulnerability which has allowed hackers to steal CPU-cycles to allow them to mine Monero cryptocurrency. Researchers have realized the miner has been active since May and is JavaScript-based after taking a quick look at drupalupdates.tk domain. “Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their ‘wish’ to be rich, come true.” A hack campaign of any kind is unfortunate, but one like this targeting a giving charity right before the holidays is one of the more ruthless we’ve seen recently. This effort was especially hard to discover on the grounds that it utilized distinctive systems to evade static alarms. For example, it begins with changing domains that have the miner. At that point, the WebSocket intermediary additionally utilized distinctive sites and IPs to keep them unknown. There has been a patch (CVE-2018-7600) for this vulnerability for a while. In June it was estimated that there were 115,000 sites still vulnerable.

Analyst Notes

Corporations should always keep updated on patches for vulnerabilities that would affect them directly. Although it is still difficult to detect, malware detection techniques should be implemented by the corporation’s security teams as well. A rise in helpdesk complaints about computers running slower should make security teams aware. Overheating systems should also raise a red flag.