Hundreds of big-name sites hacked, converted into drive-by currency miners


Not the experience you wanted from the San Diego Zoo website. (credit: Troy Mursch)

A mass hacking campaign that targets a critical vulnerability in the Drupal content management system has converted more than 400 government, corporate, and university websites into cryptocurrency mining platforms that surreptitiously drain visitors’ computers of electricity and computing resources, a security researcher said Monday.

Sites that were hacked included those belonging to computer maker Lenovo, the University of California at Los Angeles, the US National Labor Relations Board, the Arizona Board of Behavioral Health Examiners, and the city of Marion, Ohio, Troy Mursch, an independent security researcher, told Ars on Monday. The Social Security Institute of the State of Mexico and Municipalities, the Turkish Revenue Administration, and Peru’s Project Improvement of Higher Education Quality were also affected. The US had the largest concentration of hacked sites, with at least 123, followed by France, Canada, Germany, and the Russian Federation, with 26, 19, 18 and 17, respectively.

The sites all ran the same piece of JavaScript hosted on The highly obfuscated code caused visitors’ computers to dedicate 80 percent of their CPU resources to mining the digital coin known as Monero with no notice or permission. The attacker behind the campaign took control of the sites by exploiting a Drupal vulnerability that makes code-execution attacks so easy and reliable it was dubbed “Drupalgeddon2.” Although Drupal maintainers patched the critical flaw in March, many vulnerable sites have been slow to install the fix. The lapse touched off an arms race among malicious hackers three weeks ago.


Critical “Drupalgeddon2” is still being exploited six weeks after it was patched.
