Threat Intelligence: Make-A-Wish Targeted in Cryptojacking Attack

Make-A-Wish never patched the Drupal vulnerability which has allowed hackers to steal CPU-cycles to allow them to mine Monero cryptocurrency. Researchers have realized the miner has been active since May and is JavaScript-based after taking a quick look at drupalupdates.tk domain.“Embedded in the site was a script using the computing power of visitors to the site to mine cryptocurrency into the cybercriminals’ pockets, making their ‘wish’ to be rich, come true.”

read more →