Cybersecurity experts at Incapsula Imperva have discovered a new malware that attacks the Drupal content management system in order to illegally mine the Monero cryptocurrency.
In addition, the program sends ironic messages to its victims: “meow, don’t delete me, I’m a harmless, cute little kitten.” The Kitty virus appeared a month after the publication of the Drupalgeddon 2.0 exploit. A remote code execution vulnerability in Drupal 7.x and 8.x versions allows hackers to use multiple attack methods to penetrate Drupal sites. Once sites are compromised, scammers can bypass security systems, mine cryptocurrency, and steal accounts and data.
“While reviewing attacks blocked by our security systems, we discovered the Kitty malware, which mines cryptocurrency Monero "webminerpool", open source mining software for browsers. After executing the Kitty script, a file named “kdrupal.php” is written to the infected server. In this way, the attacker strengthens his position on the infected server and guarantees dominance using a tool to bypass the system, regardless of Drupal’s vulnerability.”
Kitty’s uniqueness is that it not only compromises the server, the internal network and the website itself, but also visitors to infected domains. The malware will first try to rewrite the index.php file in the content management system site settings and include it in the me0w.js script. Once added, JavaScript-based files are verified and sent to the mining queue. At the same time, the virus spreads to any future visitor to the infected web server sites.
Previously, we also reported on an interesting conversation between Timofey Zhannin, the developer of the ApiLeap screenshot API and a cryptocurrency scammer, who not only advised Zhannin to update the domain security, but also asked for a job, convinced that he could violate the security protocol. There was also a hacker who targeted the LA Times to mine digital currency using the electronic devices of visitors to the newspaper's website. He left a message advising developers to fix the vulnerability “before the bad guys find out about it.” Scammers seem to like to leave their victims goodbye letters.
According to https://cryptovest.com
You May Also Like
Blockchain takes to the skies
The Lufthansa Innovation Center (LIH) and SAP.iO Berlin Foundry have teamed up to launch the world's first aviation Global Blockchain Challenge. The recently announced competition is essentially a way to bring awareness to the use of blockchain technology in the Travel and Mobility Tech fields.
The number of crypto ATMs is growing in Greece
The popularity of cryptocurrency ATMs has grown significantly over the past few months. Using crypto ATMs, users can buy and sell digital assets like Bitcoin, Litecoin, Ethereum, Dashcoin, etc. Greece is one of the countries where these devices are gaining popularity.
