Flaw in Drupal CMS Allowed a Hacker to Serve Miners to Visitors, 400 Websites Affected
A serious flaw in the Drupal content management system recently allowed a hacker to serve crypto miners to unsuspecting visitors. According to reports, the websites of the San Diego Zoo, PC maker Lenovo and the government of Chihuahua, Mexico, were among the 400+ sites affected by this attack. For a brief period, the injected cryptocurrency miners ran on the PCs of visitors to these websites.
Troy Mursch, an independent security researcher, revealed the details of this attack. He has been tracking the footprints of these miners for a long time and suggests that these websites briefly became a breeding ground for unauthorized mining. When a user visited any of these 400 websites, the processing power of their PC was hijacked and used to mine cryptocurrency. It made the users’ computers slow while the hackers enjoyed the extra processing power.
All this siphoning was done to mine Monero, a privacy coin that has gained a bad reputation in recent news. The currency is supposedly involved in several illegal transactions on the dark web. Compared to bitcoin, which has become more mainstream in recent times, Monero provides an added layer of security and anonymity, making it the coin of choice for those involved in transactions on the dark web.
The processing power of a single PC is not enough to help the hackers. However, when many computers are hijacked this way, even brief visits to the website add up to a small fortune for them. Note that miners need graphics chips with very high processing power to mine these currencies. When the supply of these high-end chips started dwindling, they moved to the cheaper GPUs of gaming computers and burned out thousands, if not millions, of them while mining their currencies. The prices of these chips then shot up as well, selling at a 3x premium in some places.
To avoid these rising costs and the chance of getting caught buying so many chips at once, the miners are now hijacking the processing power of your devices. Recently, even Tesla’s cloud servers became victims of this kind of operation. It isn’t necessarily a data leak, but it does make your device painfully slow.
So how was the hacker able to get into so many users’ computers? Mursch suggests that the hacked websites were running an older, outdated version of the Drupal content management system. This version contains a critical flaw that lets any attacker exploit the website to run their own malicious code.
The security problems with this flaw are so bad that the security community has dubbed it “Drupalgeddon 2”. Drupal has since released patches for the flawed code, but it is important to note that over 1 million websites worldwide use this CMS. Not everyone has installed the updates, which means that many visitors’ computers may still be getting used by hackers through these websites.
Recently, experts reported that hackers are now actively scanning websites to check for this flaw. Once vulnerable sites are found, their visitors get exploited and the miners make money at the users’ expense. The worst part about this experience is that the users may never know that they are being duped.