Crypto-Mining Malware Hello Kitty Exploits Vulnerability in Drupal Websites

The malicious program 'Hello Kitty' aims attack on Drupal websites with the objective of mining crypto-currency. When Kitty in its updated version infects servers and controls them, those servers launch assaults as well as create back-ends for contaminating more servers.

Drupal is a content management network of open source kind that websites can use free of cost. Approximately 2.3% of the total online sites understandably utilize back-end components obtainable from Drupal.

Imperva Incapsula the security firm explains that the crypto-mining malware Kitty exploits familiar and crucial vulnerability of remote-code execution type which has been named CVE-2018-7600 within Drupal, even as it targets browsers in addition to servers. Imperva Incapsula works primarily with the 'cloud' applying it to develop delivery services such as security integration or Web safety services.

But cyber-criminals, aiming for increasing their mining proficiencies too vis-à-vis visitors of Web applications, employ mining script that has been named me0w.js. This mining script, which is a JavaScript, is appended to a frequently utilized php file called index.php, thus making the most of processor power belonging to future visitors of the contaminated server websites. Threatpost.com posted this, May 3, 2018.

It's being shown that the simple manipulations along with the attacks are attributed to Drupalgeddon 2.0 the latest edition of Drupal. Almost one full month has passed after the update as well as security flaw was described to be 'highly critical.' Attackers have discovered loopholes which they abuse with vectors for hijacking Drupal websites.

Researchers state the Hello Kitty malicious program they found was ver.1.5 while the most recent one is 1.6. This upgrading in version is indicative of an organized group of attackers that creates malware like it is some software, correcting exploits, while publishing fresh features within cycles.

The one-month old patched Drupalgeddon 2.0 that affects Drupal's CMS framework ver.6, 7 and 8 potentially lets cyber-criminals abuse several attack vectors obtainable from Drupal websites leading to those websites getting wholly compromised, states the Common Vulnerabilities and Exposures Bulletin of MTRE.

Since March, over 1m websites running Drupal have succumbed to the vulnerability, with many attack-codes created for abusing it.

» SPAMfighter News - 5/11/2018