Drupal Alert! Reputed Names Attacked by Currency Miners!!
A critical vulnerability is targeted in the Drupal Content Management System by a mass hacking campaign. This has converted more than 400 corporates, government and university websites.
These campaigns have converted these systems into cryptocurrency mining platforms that drains out the resources of computing resources and electricity as confirmed by a research associate.
!!!Already Targeted!!!
These campaigns are targeting reputed names. They got their hand on websites of biggies like the US National Labor Relations Board, The Arizona Board of Behavioral Health Examiners, Lenovo, the University of California at Los Angeles and the city of Ohio, Troy Mursch, Marion. A research associate confirmed this on Monday.
Also, The Turkish Revenue Administration, Peru's Project Improvement of Higher Education Quality, The Social Security Institute of the State of Mexico and Municipalities are among the affected ones.
With a minimum of 123 hacked websites, the US had the most significant concentration. This in series is followed by Canada, France, Germany, the Russian Federation with 26, 19, 18 and 17 respectively.
How does it function?
Vuuwd.com hosted all the websites run JavaScript. Without any notice or permission, the complex code dedicates the 80% of the CPU resources to the mining of digital coin; Monero!!
Just by exploiting a Drupal vulnerability, the attacker can take control of the site. This makes the code execution attacks reliable and easy!! To install the fix, many vulnerable sites have gone slow as Drupal maintainers patched the critical flow in March.
In the past few weeks, many examples of ‘Drupalgeddon 2’ have come up!! This seems to be a similar case in the Drupal community. You need to update the latest available version ASAP in case your website is running a Drupal system.
Do it, Right Away!!
In an attempt to identify the vulnerable websites, multiple security firms are analyzing their systems; mass scanning the internet! It is known when the botnets identify the unpatched Drupal Software, automated scripts exploit the vulnerability.
Hence, anyone running a Drupal site should patch their system immediately as it is vulnerable to exploitation. Also, besides updating Drupal, the site should be disinfected, remember!
Tips to Prevent virus and malware from Infecting Your System:
- Enable your popup blocker: Pop-ups and ads on the websites are the most adoptable tactic used by cybercriminals or developers with the core intention to spread malicious programs.
So, avoid clicking uncertain sites, software offers, pop-ups etc. and Install a powerful ad- blocker for Chrome, Mozilla, and IE
- Keep your Windows Updated: To avoid such infections, we recommend that you should always keep your system updated through automatic windows update.By doing this you can keep your device free from virus.According to the survey, outdated/older versions of Windows operating system are an easy target.
- Third-party installation: Try to avoid freeware download websites as they usually install bundled of software with any installer or stub file.
- Regular Backup: Regular and periodical backup helps you to keep your data safe in case the system is infected by any kind of virus or any other infection.Thus always backup important files regularly on a cloud drive or an external hard drive.
- Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good Malware Removal Tool like Download Virus RemovalTool
