How Make-A-Wish Was Hacked For Monero (XMR)

Cyber hacking is nothing new but surely some of these hackers have some kind of moral compass?!

One of the most recent victims of cyber hacking is the United States based, non-profit organisation Make-A-Wish Foundation which recently had its website hacked. Since March this year, the hacker has been taking advantage of the Drupal vulnerability to mine the Monero cryptocurrency as per its research findings from an independent research lab.

For those that don’t know Drupal is a free and open source content management framework written in PHP and distributed under the GNU General Public License. The open-source platform provides a back-end framework for over 2 percent of all websites across the globe.

On the 19th of November, a crypto research company Trustware SpiderLabs founded research which indicates that cybercriminals infused a crypto mining software called CoinIMP, into the codes of the Make-A-Wish website. CoinIMP miner is based on JavaScript and is usually used by attackers who secretly embed the code into web pages and use it to mine Monero deploying the site users computer strengths

The research company made note that bad actors had an easy entry into the website as it was using an older version of the Drupal content management system.

Simon Kenin a security researcher at Trustwave stated:

“A quick investigation showed that the domain ‘drupalupdates.tk’ that was used to host the mining script are part of a known campaign which has been exploiting Drupalgeddon 2 in the wild since May 2018.”

As reported by BTC Manager, the findings of Trustwave also suggest that similar kind of crypto hacking activities have been taking place since May this year and is part of the popular campaign that has been exploiting Drupalgedden 2. It also highlights that although the campaign has been updated several times since May this year, there are many owners of some websites which haven’t been flexible enough to be able to update their Drupal CMS version on a timely basis.

The exploitation of this vulnerability has given hackers the chance to modify the pages of the website and plant its crypto miner in it. If we look further into this we can see how smartly attackers used several tricks to evade static detection which includes changing the domain name hosting the JavaScript Web Miner.

In a report Kenin stated:

“Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their 'wish' to be rich, come 'true'. It’s a shame when criminals target anyone but targeting a charity just before the holiday season? That’s low.”

What are your thoughts? Let us know what you think down below in the comments!