Skip to main content

Cryptojacking hackers infected 400 major websites with stealth miners

Malware miners managed to infect more than 400 big websites recently, resulting in the generation of large quantities of cryptocurrency for the attackers. The cryptojackers appear to have taken advantage of a flaw in content management system (CMS) Drupal to install the stealthy mining software under the nose of website owners.

Cryptojacking, the process of running cryptocurrency mining software on someone’s system without them realizing it, has become a hot trend in recent months. It even replaced ransomware as one of the top go-to methods for making money with malware. Although not as impactful to affected victims as ransomware or identity theft, it can still cause slowdowns on a system and potentially damage hardware if allowed to run rampant.

This latest cryptojacking craze has been termed “Drupalgeddon 2” by those who discovered it at BadPackets. It saw the hackers infiltrate websites that were running outdated and vulnerable versions of the Drupal CMS to install the cryptomining software Coinhive, as per PCMag. Although designed to allow website owners to monetize their users in ways other than advertising, Coinhive has been used by hackers to take advantage of vulnerable websites and their unwitting users.

A subsequent visit to sites affected by this latest attack forced visitors to run the software, generating cryptocurrency for the hackers. Affected sites included PC manufacturer Lenovo, the San Diego Zoo, and the government website for Chihuahua, Mexico. Some of these have now patched up the holes and removed the Coinhive software, though hundreds still have yet to do so.

The flaw that allowed the hackers to take advantage of this has been known about since March and Drupal has been updated by the developers since. However, not all websites have installed the necessary patches, which has left many vulnerable. Although 400-plus sites were infected in this latest attack, with more than a million sites using the CMS globally, there is real potential for further attacks of increased scope.

If you’re interested in mining cryptocurrencies yourself — legally — know that it’s far from easy to turn a profit. If you have cheap electricity and enough investment funds though, it is possible. Here’s how to get started.

If you’d rather just play a game that simulates it though, there’s always Bitcoin Tycoon.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
How to download a video from Facebook
An elderly person holding a phone.

Facebook is a great place for sharing photos, videos, and other media with friends and family. But what if you’d like to download a video to store offline? This means you’d be able to watch the clip on your PC or mobile device, without needing to be connected to the internet. Fortunately, there’s a way to download Facebook videos to your everyday gadgets, although it’s not as straightforward a process as it could be.

Read more
How to delete your Gmail account (and what you need to know)
The top corner of Gmail on a laptop screen.

Is it time to part ways with your Gmail account? Whether you’re moving onto greener email pastures, or you want to start fresh with a new Gmail address, deleting your old Gmail account is something anyone can do. Of course, we’re not just going to bid you farewell without a guide all our own. If you need to delete your Gmail account, we hope these step-by-step instructions will make the process even easier.

Read more
How to change margins in Google Docs
Laptop Working from Home

You may find that Google Docs has a UI that is almost too clean. It can be difficult to find basic things you're used to, such as margin settings. Don't worry, though, you can change margins in Google Docs just like with any other word processor through a couple of different means.

Read more