Drupalgeddon 2.0

Written by:
Lucie Sadler
Date Posted:
8 May 2018
Category:
Security

Dig, dig, dig.

Hundreds of unpatched Drupal sites have been infected with Malware that secretly mines cryptocurrency. Sneaky.

The Malware was planted on servers by embedding code that could mine Monero. This meant that CPU processing power of site visitors’ computers, phones and tablets could be tapped into. And voilà  – free processing power.

Dubbed Drupalgeddon 2.0, the Malware affects versions 6,7 and 8 of Drupal CMS. Nearly 400 sites including US government depts, universities and the Chinese tech company Lenovo have been affected so far.

The cryptominer was made by Coinhive, a company that offers Monero JavaScript mining to websites as a ‘non-traditional’ way to monetize web content. The Malware was contained in the “/misc/jquery.once.js?v=1.2” JavaScript library.

Oddly, all the infected JavaScript codes were pointing to the same domain name (vuuwd.com ) and the same Coinhive key, implying that it was a single individual or entity behind all the attacks. Hidden agenda here?

There are apparently over 50,000 websites running crypto-jacking campaigns without their knowledge. The code causes site visitors’ computers to pull 80% CPU resources into mining Monero.

You’d only know that your computer was being used to mine cryptocurrency if you noticed high CPU usage. So, remember to always keep your CMS up-to-date and patched.

[More tips on keeping the sneaks at bay here]

Rating: 5.0/5. From 1 vote.
Please wait...

Learn how Medichecks were able to grow

Case Studies


Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.