Cybersecurity Firm Detects Cryptojacking Malware on Make-A-Wish Foundation Website

Published at: Nov. 20, 2018

Hackers have infected the website of global non-profit organization the Make-A-Wish Foundation with cryptojacking malware, according to a report by cybersecurity firm Trustwave posted Nov. 19.

According to Trustwave researchers, cryptojackers managed to incorporate the JavaScript (JS) miner CoinImp into the domain worldwish.org in order to illicitly mine the privacy-focused cryptocurrency Monero (XMR). Like the notorious Monero mining software CoinHive, CoinImp has reportedly been using the computing power of website visitors to mine cryptocurrency.

Per the report, the CoinImp script infected the website through the drupalupdates.tk domain, which is associated with another campaign that has exploited a critical Drupal vulnerability to compromise websites since May 2018.

The researchers noted that the recently detected campaign deployed a number of techniques to evade detection, including alterations of its already obfuscated domain name, as well as different domains and IPs in a WebSocket proxy.
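Because the campaign rotated domain names and proxy addresses, a blocklist of known-bad hosts goes stale quickly, while an allowlist of expected script hosts does not. The following sketch is an added example, not code from the Trustwave report: it audits a page for script sources and WebSocket endpoints outside an allowlist. The allowlist contents, the script path and the WebSocket address are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts this site intentionally loads scripts from.
ALLOWED_HOSTS = {"worldwish.org", "ajax.googleapis.com"}
WS_URL = re.compile(r"wss?://[^\s'\"<>)]+", re.IGNORECASE)

class ScriptAudit(HTMLParser):
    """Collects script sources and WebSocket endpoints outside the allowlist."""
    def __init__(self, page_host, allowed):
        super().__init__()
        self.page_host, self.allowed = page_host.lower(), allowed
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self._check("external-script", src)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # inline script body: look for ws:// and wss:// URLs
            for url in WS_URL.findall(data):
                self._check("websocket-endpoint", url)

    def _check(self, kind, url):
        # Relative URLs have no hostname and resolve to the page's own host.
        host = (urlparse(url).hostname or self.page_host).lower()
        if not any(host == a or host.endswith("." + a) for a in self.allowed):
            self.findings.append((kind, host))

def audit(html, page_host, allowed=ALLOWED_HOSTS):
    parser = ScriptAudit(page_host, allowed)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; the script path and WebSocket address are made up.
SAMPLE_HTML = """<html><head>
<script src="/misc/jquery.js"></script>
<script src="//drupalupdates.tk/constructed-path.js"></script>
<script>var s = new WebSocket("wss://203.0.113.7:8443/");</script>
</head><body></body></html>"""
```

Calling `audit(SAMPLE_HTML, "worldwish.org")` reports the off-allowlist script host and the raw-IP WebSocket endpoint, regardless of which domain name the injected script uses.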

Trustwave reportedly contacted Make-A-Wish in order to report the cryptojacking attack, but the foundation did not respond. However, the injected malicious script was removed shortly after Trustwave attempted to reach the foundation, according to the report.

According to data acquired by Bloomberg, cryptocurrency mining attacks have surged by up to 500 percent in 2018. Recently, internet security provider and research lab McAfee Labs uncovered a new Monero-mining malware called WebCobra that allegedly originates from Russia.

Earlier in November, Japanese global cybersecurity company Trend Micro detected a new strain of crypto-mining malware targeting PCs running Linux.
