400 Websites Secretly Served Cryptocurrency Miners to Visitors

Cheers to a hacker, websites for the San Diego Zoo, the government of Chihuahua, Mexico, and PC maker Lenovo were all briefly serving cryptocurrency miners to unsuspecting visitors this by weekend.

SecurityWatch

At least 400 websites were ensnared in the hacker's campaign, according to Troy Mursch, an contained security researcher.

He's been tracking the mining, which involves siphoning away your PC's processing power to generate a virtual currency called Monero. To practise so, the miner will run over your estimator's internet browser when you load up the website. If enough computers are pulled into the mining, a hacker can generate a pretty penny — all at the expense of slowing down your computer's performance.

How did the miner reach and then many sites? Mursch noticed that they all share 1 thing in common: the websites use an outdated version of the content management arrangement Drupal, which contains a serious vulnerability that can let an aggressor run malicious code over the software.

The security customs has dubbed the flaw "Drupalgeddon 2," given that over ane 1000000 websites use the content management system. The developers of Drupal have released patches, merely unfortunately not anybody has installed them. After the vulnerability was made public in late March, both Drupal and security firms have been noticing hackers actively scanning websites for the flaw in apparent attempts to exploit it.

Mursch told PCMag this past weekend'south cryptocurrency mining campaign appears to take taken advantage of the same flaw. "This is even so another case of miscreants compromising outdated and vulnerable Drupal installations on a large scale," he wrote in a separate blog post.

The good news is that some of the affected websites accept removed the mining code after Mursch alerted them nigh the trouble. He's uploaded a list of sites were found serving up the miner and is encouraging Drupal users to patch their systems.

To generate the virtual currency, the mysterious hacker chose to rely on a third-party service chosen Coinhive, which offers a cryptocurrency miner that anyone tin can register and use.

PCMag reached out to Coinhive about the hacking campaign, merely and so far the service hasn't responded for annotate. Typically, Coinhive has been quick to respond to media questions about its mining software. But the service has mysteriously gone quiet since March when security reporter Brian Krebs wrote a postal service investigating the possible owner of Coinhive.

In response to Krebs' reporting, a developer in Germany known as Dominic Szablewski wrote a weblog mail, admitting to creating Coinhive. However, he later deleted the post, and has not responded to a request for comment.

In that now deleted post, Szablewski wrote: "I found a company interested in a new venture. They have taken over Coinhive and are now working on a large overhaul."