Cryptojacking Attack Targets Make-A-Wish Foundation Website

[silversurfer]

Hackers have been stealing CPU-cycles from visitors to the Make-A-Wish Foundation’s international website in order to mine for Monero cryptocurrency. Researchers said they found the CoinIMP mining script embedded in the non-profit’s website, and that it was taking advantage of the Drupalgeddon 2 vulnerability.

Trustwave researchers discovered the cryptominer on the Make-A-Wish International’s website and said it had been active since May. Make-A-Wish International is the global arm of the US-based Make-A-Wish Foundation.

“Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their ‘wish’ to be rich, come ‘true,'” said Simon Kenin, security researcher with Trustwave in a Monday post outlining the discovery.

Source: https://threatpost.com/cryptojacking-att...te/139194/