Hackers targeting a critical vulnerability in the Drupal Content Management System have been able to infect more than 400 websites with cryptomining malware. Chris Olson, CEO at The Media Trust commented below.
Chris Olson, CEO at The Media Trust:
“While malware actors have targeted Drupal’s CMS vulnerabilities, there are many ways they have used cryptomining software to hijack user’s CPUs. IT teams should be aware of many other ways that cryptomining malware can be used. Other methods include botnets, which have awarded malware authors with millions of dollars; infected digital ads; website plugins, which have also affected more than 4,000 websites around the world; among others. Malware authors who orchestrated this campaign targeting Drupal sites, used the Coinive JavaScript hosted on vuuwd.com, a domain that was set up in January but did not go live until mid-April, just two weeks before some website operators were able to scan, identify, and blacklist the offending domain on April 30th. Operators relying solely on traditional security tools like antivirus software were unable to report the malicious domain until several days later. The best way to avoid unauthorized installations of Coinhive or other cryptomining software is a digital vendor risk management program that includes continuous, real-time monitoring of all third-party script on websites and mobile apps.”
