Cybersecurity Firm Detects Cryptojacking Malware on Make-A-Wish Foundation Website

Hackers have infected the website of global non-profit organization the Make-A-Wish Foundation with cryptojacking malware, according to a report by cybersecurity firm Trustwave posted Nov. 19.

According to Trustwave researchers, crypto jackers managed to incorporate a JavaScript (JS) miner CoinImp into the domain worldwish.org in order to illicitly mine privacy-focused cryptocurrency Monero (XMR). Similarly to the notorious Monero mining software CoinHive, CoinIMP has reportedly been using the computing power of website visitors to mine cryptocurrency.

Per the report, the CoinImp script infected the website through the drupalupdates.tk domain, which is associated with another campaign that exploited a critical Drupal vulnerability to compromise websites since May 2018.

The researchers noted that the recently detected campaign deployed a number of techniques to evade detection, including alterations of its already obfuscated domain name, as well as different domains and IPs in a WebSocket proxy.

Trustwave reportedly contacted Make-A-Wish in order to report the cryptojacking attack, but the foundation did not respond. However, the malicious injected script was eventually removed shortly after Trustwave attempted to reach the foundation, according to the report.

According to data acquired by Bloomberg, scales of cryptocurrency mining attacks have surged up to 500 percent in 2018. Recently, Internet security provider and research lab McAfee Labs uncovered a new Monero-mining malware called WebCobra that allegedly originates from Russia.

Earlier in November, Japanese global cybersecurity company Trend Micro detected a new strain of crypto-mining malware targeting PCs running Linux.