More than three hundred websites running an outdated and vulnerable version of the Drupal content management system have been hacked with malicious software used to mine the cryptocurrency Monero.
The latest high-profile cryptojacking incident was discovered by Troy Mursch, the security researcher behind the website Bad Packets Report. He said the affected websites include government and university sites from all over the world.
Mursch said, at first ,he was alerted to a cryptojacking campaign affecting the websites of the San Diego Zoo and the government of Chihuahua, Mexico. Further analysis found that more than 300 sites were compromised by hackers who installed the browser mining software Coinhive, which mines the cryptocurrency monero.
All the infected sites pointed to the same domain using the same Coinhive site key. In all, 348 websites were infected.
The affected sites varied by hosting providers and countries and no specific one appeared to be targeted. The most unique domains were found in the United States - 122 - and were hosted by Amazon.
The hacked Government sites include US federal agency, The National Labor Relations Board; Mexico's state Government of Chihuahua; City of Marion, Ohio; Arizona Board of Behavioral Health Examiners; Office of Inspector General of the U.S. Equal Employment Opportunity Commission (EEOC); and Turkish Revenue Administration.
Other notable sites include those of Lenovo, UCLA, and DLink (Brazil).
University / school sites affected include Syria's University of Aleppo; College of Biblical Studies in Houston; Vidyalankar Institute of Technology in India; Asia Pacific Institute of Information Technology; and Iran's Islamic Azad University.
CoinDesk quoted Mursch as saying that cryptojacking continues to be a problem - especially for website operators. He advised Drupal users to update as soon as possible.
by Joji Xavier
For comments and feedback: contact editorial@rttnews.com