Drupal exploit infects over 400 sites with cryptocurrency miner

Submitted by dryer on Wed, 05/09/2018 - 17:14
Drupal cryptocurrency

Many news outlets are now confirming a widespread outbreak of cryptocurrency mining on compromised Drupal CMS installations, following a string of vulnerabilities in the system in early 2018:

But it seems that the rate of vulnerabilities uncovered in the most popular Drupal 7.x and 8.x versions is increasing. These vulnerabilities are also exploited at an ever faster release cycle, meaning that without a robust auto-updating system, the vast majority of Drupal sites will be vulnerable to exploits. In the case of the most recent "Drupalgeddon 3" incident, exploits were in place in a matter of hours of the release of the patch.
The velocity of Drupal vulnerability exploits raises doubts

In the latest incident, a botnet has been used to automatically scan the web for vulnerable Drupal installations. Because of the large number of unmaintained Drupal installations in the world, there are now literally hundreds of Drupal sites being misused, according to a report by The Next Web:

While the primary targets of this attack — which hit some 400 sites — are US-based government entities and educational institutes, multiple tech firms’ sites have also been infected with the virus.
Nearly 400 Drupal sites infected with malware that secretly mines cryptocurrency

Another top-tier news source, Ars Technica, reports that the computers of visitors to these compromised sites are being used to mine cryptocurrency for the attacker:

 The highly obfuscated code caused visitors' computers to dedicate 80 percent of their CPU resources to mining the digital coin known as Monero with no notice or permission. The attacker behind the campaign took control of the sites by exploiting a Drupal vulnerability that makes code-execution attacks so easy and reliable it was dubbed "Drupalgeddon2."
Hundreds of big-name [Drupal] sites hacked, converted into drive-by currency miners

It is now high time that Drupal implemented an automatic system update tool, like WordPress. Otherwise it will eventually start to face an exodus of enterprise customers, who are now more wary of privacy issues following the Cambridge Analytica debacle, the Mossack Fonseca hack, the Equifax attack and the new GDPR rules coming into force in the EU.