Nearly 400 Drupal sites infected with malware that secretly mines cryptocurrency

Coinhive malware victimizes another 400 websites including US govt, Lenovo, and UCLA

It seems like there’s no stopping the crypto-jacking epidemic, as hackers continue to steal unsuspecting users’ computing power to mine cryptocurrency.

Security researcher Troy Mursch from Bad Packets Report has discovered that a number of websites using an outdated version of the Drupal Content Management System are being victimized by hackers for crypto-jacking.

While the primary targets of this attack — which hit some 400 sites — are US-based government entities and educational institutions, multiple tech firms’ sites have also been infected with the malware.

A list of affected websites compiled by Mursch includes those of the US National Labor Relations Board (NLRB), Chinese tech company Lenovo, Taiwanese network hardware maker D-Link, and the University of California, Los Angeles (UCLA).

Government-run websites in the US, Mexico, Turkey, Peru, South Africa, and Italy have also been affected.

Mursch discovered that the JavaScript code injected into all of the infected sites pointed to the same domain name (vuuwd.com) and used the same Coinhive key, implying that a single individual or entity was behind all of these attacks.
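A site owner can check for the same two indicators described above. The following is an added example, not code from the article or from the Bad Packets Report: it parses `<script>` tags, flags pages that load from vuuwd.com, and groups pages by Coinhive site key. The sample pages, script paths and the key `PLACEHOLDERKEY01` are constructed placeholders.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

WATCHED = {"vuuwd.com"}  # the domain named in the article
# Coinhive's in-page constructors take the site key as their first argument.
KEY_RE = re.compile(r"CoinHive\.(?:Anonymous|User|Token)\(\s*['\"]([A-Za-z0-9]+)['\"]")

SAMPLES = {  # constructed pages; hostnames, paths and the key are placeholders
    "a.example": '<script src="//vuuwd.com/placeholder.js"></script>',
    "b.example": "<script>new CoinHive.Anonymous('PLACEHOLDERKEY01').start();</script>",
    "c.example": '<script src="https://VUUWD.com/placeholder.js"></script>'
                 '<script>var m = new CoinHive.Anonymous("PLACEHOLDERKEY01");</script>',
    # Mentions the domain in text only, so a plain substring search would misfire.
    "news.example": '<p>Scripts pointed to vuuwd.com</p><script src="/js/app.js"></script>',
}

class ScriptAudit(HTMLParser):
    """Collects external script hosts and Coinhive site keys from one page."""
    def __init__(self):
        super().__init__()
        self.hosts, self.keys, self.in_script = set(), set(), False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            # .hostname is lowercased and is None for relative URLs
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host:
                self.hosts.add(host)
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.keys.update(KEY_RE.findall(data))

def audit(pages):
    """Return (sites loading a watched domain, {site key: sites using it})."""
    flagged, by_key = set(), defaultdict(set)
    for site, html in pages.items():
        parser = ScriptAudit()
        parser.feed(html)
        parser.close()
        if any(h == d or h.endswith("." + d) for h in parser.hosts for d in WATCHED):
            flagged.add(site)
        for key in parser.keys:
            by_key[key].add(site)
    return flagged, dict(by_key)
```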

Mursch’s previous research had found nearly 50,000 websites to be running crypto-jacking campaigns, many of them unwittingly.

An interesting fact about all of these attacks is the hackers’ mining service of choice — there’s a clear preference for Coinhive, which is responsible for more than 80 percent of all the infected websites.

Coinhive received some legitimacy after it rolled out a feature that required user consent before their computer could be used for mining. The Coinhive service along with this feature was even integrated by UNICEF to fund its charity for children in Bangladesh.

However, researchers have found that the ‘opt-in’ version is usually not very popular with websites, which instead choose to integrate Coinhive in a way that doesn’t inform users.

It is high time that Coinhive halts its services that allow for mining without the knowledge of the user, and keeps only the mandatory opt-in version moving forward.

There’s no way for a user to know if their computer is being used to mine cryptocurrency through Coinhive unless they notice the high CPU usage on their device, and investigate the cause.

Thankfully, there are ways to stop cryptojacking malware from exploiting your CPU’s computing power, and you can read all about them here.

Those interested in the detailed Bad Packets Report on this attack can read it here.

Published May 8, 2018 — 07:45 UTC
