Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

Cryptojacking Now Spreads to Drupal Content Management System

Published 04/18/2018, 01:52 PM
Updated 04/18/2018, 02:01 PM
 Cryptojacking Now Spreads to Drupal Content Management System

A recently-discovered vulnerability in Drupal, a content management system for web servers, was exploited by hackers in several occasions to mine cryptocurrencies, according to an analysis by a member of the SANS Technology Institute.

One of the most prominent attack vectors was a downloader that would dump the miner and then start it up.

“This exploit downloads a crypto coin miner and then, in a second attempt, starts it. These three commands are sent as two distinct exploit requests. We have seen a total of 3,814 requests,” wrote Johannes B. Ullrich, dean of research at SANS.

Our own investigation shows that the two IP addresses that the miners lead to are shared servers, meaning that they host various websites, which might include mining pool entities.

The fake request itself includes Baidu—a popular Chinese search engine—as its referrer, suggesting that the attacks are coming from an actor in that country.

It’s important to note, however, that putting Baidu’s URL as a referrer does not definitively prove that the hackers are Chinese.

Last year, we saw hackers using vulnerabilities in other content management systems like Wordpress to mine cryptocurrencies. This is the first time we see Drupal get hit.

Perhaps it took so long because Drupal has only 4.6% of the market share as a content management system, whereas WordPress gobbles up nearly 60% of the market.

This is similar to the explanation behind the lack of MacOS viruses in comparison to Windows.

Ullrich also notes that these exploits were designed to work with Drupal 8, although it’s also been adapted to work with version 7.

Since the exploit was discovered only last Friday, most websites running the CMS right now would still be vulnerable to it until they update their software.


This article appeared first on Cryptovest

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.