After the publication of two severe security flaws in the Drupal CMS, cybercrime groups have turned their sights on this web technology in the hopes of finding new ground to plant malware on servers and make money through illegal cryptocurrency mining.

Their efforts and expectations were fully rewarded, as the two vulnerabilities, CVE-2018-7600 and CVE-2018-7602, left over one million websites vulnerable to hacks if they didn't receive immediate updates.

Some webmasters updated their sites, but many didn't, and those websites quickly fell victim to backdoors and coinminers shortly after the publication of proof-of-concept attack code.

Now, as time passes, more malware campaigns targeting Drupal sites are getting off the ground, and two of them have been spotted in the past week.

348 Drupal sites running an in-browser miner

The most recent of these campaigns has been discovered by US security researcher Troy Mursch.

The researcher discovered a group that gained access to Drupal sites and hid a version of the Coinhive in-browser cryptocurrency miner inside a file named "?v=1.2," loaded on each of the compromised sites.

Mursch initially tracked down the infected files to over 100,000 domains, then narrowed down the results to 80,000 domains, and finally confirmed the infection on at least 348 sites where the in-browser mining operation was actually taking place.

Among victims, there are many government and university portals, such as the National Labor Relations Board (US federal agency), the Turkish Revenue Administration, the University of Aleppo, and others, which Mursch has recorded in a Google Docs spreadsheet.

"Kitty" malware campaign hits Drupal sites

But before Mursch's discovery, cyber-security firm Imperva also found another malware operation targeting Drupal sites, which they named the "Kitty" campaign because crooks hid an in-browser cryptocurrency miner inside a file named "me0w.js."

Crooks didn't use a version of the Coinhive in-browser miner for these attacks but instead used a similar product provided by a legitimate Monero mining pool service.

The Imperva team didn't share the number of sites affected by this campaign but said crooks didn't limit themselves to dropping an in-browser miner only.

They also installed a PHP-based backdoor on all compromised servers (for future access, even if the server owner updated his site) and a classic coinminer that utilized the underlying server's resources to mine Monero, instead of the users' browsers.

Imperva says the Monero address used in the Kitty campaign had also been spotted at the start of April in another series of hacks that targeted servers running vBulletin 4.2.x forums.

"The first generation of the 'Kitty malware' we discovered was version 1.5, and the latest version is 1.6," Imperva said in a report published last week.

"This type of behavior can be an indication of an organized attacker, developing their malware like a software product, fixing bugs and releasing new features in cycles."

The Drupal bugs disclosed in the past two months have received a lot of media attention, and for good reasons, as they allow an attacker easy access to vulnerable sites.

While campaigns are still raging, it is important to remember that updating a hacked site is not enough.

Site owners should also scan for backdoors and consider restoring from an older backup or reinstalling the site from scratch.

Source: https://

Cryptojacking is the unauthorized use of someone else's compute resources to mine cryptocurrency. Hackers seek to hijack any kind of system they can take over (desktops, servers, cloud infrastructure and more) to illicitly mine for crypto coins.

Regardless of the delivery mechanism, cryptojacking code typically works quietly in the background as unsuspecting victims use their systems normally. The only signs they might notice are slower performance, lags in execution, overheating, excessive power consumption, or abnormally high cloud computing bills.

How cryptojacking works

Coin mining is a legitimate process in the cryptocurrency world that releases new cryptocurrency into circulation. The process works by rewarding currency to the first miner who solves a complex computational problem. That problem completes blocks of verified transactions that are added to the cryptocurrency blockchain.

"Miners are essentially getting paid for their work as auditors. They are doing the work of verifying the legitimacy of Bitcoin transactions," detailed a recent Investopedia explainer on how Bitcoin mining works. "In addition to lining the pockets of miners and supporting the Bitcoin ecosystem, mining serves another vital purpose: It is the only way to release new cryptocurrency into circulation."