Cryptojacking Malware Recently Preyed On Make-A-Wish Foundation

Cryptojacking is a recurrent crime in the crypto world, and one that has understandably preyed on countless organizations. The fact that Cryptojacking is increasing at a rapid pace in India, is known by most, but their recent victim is one that will leave you shocked.

Recently, it has come to light that the popular charity NGO, Make-A-Wish Foundation, fell prey to a cryptojacking incident. The crypto-jackers planted cryptocurrency mining malware on the charity’s website.

The mining script that infected one of the Foundation’s websites, called worldwish.org, is known as CoinImp. As a result, the website was compromised and it hijacked the user’s computing power to mine cryptocurrencies. Researchers from Trustwave SpiderLabs, a popular information security company revealed this data.

(Read what the Cyber Threat Alliance has to say about increase in illegitimate crypto mining)

Although, the script has been already removed from the website, it is shameful that attackers would decide to hit a charity organization. The website had apparently not updated Drupal’s content management system. Drupal is a popular open source content management system. This is why it was quite easy to hack into the systme.

Back in March, Drupal had revealed that there was a significant vulnerability, which allowed hackers to inject malicious code into sites, which did not install the available patch.

Karl Sigler, threat intelligence manager at Trustwave SpiderLabs said,

“Criminals are going to be running just some vulnerability scans. They probably have some command line scanner that only scans for one specific, or two or three specific vulnerabilities, and then they just start tossing web server addresses at it.”

It is no surprise that this happened, since cryptojacking incidents have beenon the rise for quite some time now. A September report by McAfee Labs indicates, that in 2018 alone, roughly 2.5 million new cases of crypto mining malware have surfaced.