Cryptojacking hackers infected 400 major websites with stealth m - - Huntsville, Alabama - News Weather, Sports |

Cryptojacking hackers infected 400 major websites with stealth miners

By Jon Martindale

Content Provided by  

Malware miners managed to infect more than 400 big websites recently, resulting in the generation of large quantities of cryptocurrency for the attackers. The cryptojackers appear to have taken advantage of a flaw in content management system (CMS) Drupal to install the stealthy mining software under the nose of website owners.

Cryptojacking, the process of running cryptocurrency mining software on someone’s system without them realizing it, has become a hot trend in recent months. It evenreplaced ransomware as one of the top go-to methods for making money with malware. Although not as impactful to affected victims as ransomware or identity theft, it can still cause slowdowns on a system and potentially damage hardware if allowed to run rampant.

This latest cryptojacking craze has been termed “Drupalgeddon 2” by those who discovered it atBadPackets.It saw the hackers infiltratewebsites that were running outdated and vulnerable versions of the Drupal CMS to install the cryptomining software Coinhive, as per PCMag. Although designed to allow website owners to monetize their users in ways other than advertising, Coinhive has been used by hackers to take advantage of vulnerable websites and their unwitting users.

A subsequent visit to sites affected by this latest attack forced visitors to run the software, generating cryptocurrency for the hackers. Affected sites included PC manufacturer Lenovo, the San Diego Zoo, and the government website for Chihuahua, Mexico. Some of these have now patched up the holes and removed the Coinhive software, though hundreds still have yet to do so.

The flaw that allowed the hackers to take advantage of this has been known about since March and Drupal has been updated by the developers since. However, not all websites have installed the necessary patches, which has left many vulnerable. Although 400-plus sites were infected in this latest attack, with more than a million sites using the CMS globally, there is real potential for further attacks of increased scope.

If you’re interested in mining cryptocurrencies yourself — legally — know that it’s far from easy to turn a profit. If you have cheap electricity and enough investment funds though, it is possible. Here’s how to get started.

If you’d rather just play a game that simulates it though, there’s always Bitcoin Tycoon.

  helps readers keep tabs on the fast-paced world of tech with all the latest news, fun product reviews, insightful editorials, and one-of-a-kind sneak peeks.

Powered by Frankly
All content © Copyright 2000 - 2018 WAAY. All Rights Reserved.
For more information on this site, please read our Privacy Policy, and Terms of Service, and Ad Choices.