The website ‘Bad Packets Report’ has released a list of some 300 sites that have been compromised by “cryptojacking”, including Chinese hardware maker Lenevo.
Coindesk reports that the site’s security adviser, Troy Mursch, wrote last week that the compromised sites had been infected by hackers installing a browser mining software which exploited an outdated version of Drupal, a content management system (CMS). The two vulnerabilities, CVE-2018-7600 and CVE-2018-7602, have left numerous websites vulnerable to hacks if they did not receive immediate updates.
Incidents of cryptojacking are currently on the rise, defined as the secret use of one’s computing device to mine cryptocurrency. The hacking used to occur when the victim unknowingly installed a program on their computer which secretly mined cryptocurrency. Now, hackers are infecting websites with software that utilizes the victim’s computer power to mine cryptocurrency on the attackers’ behalf.
The list published by Mursch includes government and university portals as well as private companies, but is not the first of such alerts. After a previous release by cyber-security firm Imperva, warning that Drupal sites were being hacked by ‘Kitty’, an in-browser cryptocurrency miner containing a file named ‘me0w.js.’, it became clear that these sites were at risk.
Mursch explained why mining malware is currently rife:
Not all Coinhive users are malicious, as Bitcoin News reported recently. UNICEF recently launched a project called ‘The Hope page’ in support of Rohingya refugees in Bangladesh, which used the crypto mining service to fund its project. In this case, users gave permission to UNICEF to mine the coin monero using donors’ computer power.