Cryptocurrency exploit affects hundreds of Canadian websites

Websites affected by malicious code that hijacks visitors’ CPUs to mine for digital currency

By Lyle Adriano

A major cyberattack that exploited vulnerabilities in a popular content management system has transformed over 400 websites into cryptocurrency mining platforms.

The affected sites all ran a suspicious piece of JavaScript hosted on vuuwd.com. The hidden code caused the computers of visitors to the affected websites to dedicate 80% of their CPU resources to mining the Monero cryptocurrency.

Many websites were affected by the “cryptojacking” exploit, including those owned by Lenovo, University of California at Los Angeles, the US National Labor Relations Board, the Arizona Board of Behavioral Health Examiners, and even the city of Marion, Ohio, an expert told Ars Technica. In Canada, 19 websites were affected by the exploit.

The attacker exploited a flaw in the Drupal content management system that makes code-execution attacks easier. The vulnerability, dubbed “Drupalgeddon2,” was addressed in a later patch, but many affected sites have been slow to update their systems.

“We’ve seen plenty [of] examples of Drupalgeddon 2 being exploited in the past few weeks,” independent security researcher Troy Mursch said in a blog report. “This is yet another case of miscreants compromising outdated and vulnerable Drupal installations on a large scale. If you’re a website operator using Drupal’s content management system, you need to update to the latest available version ASAP.”

Mursch told Ars Technica that since his blog post went live, some of the hacked websites have managed to fix the problem. The hacking campaign, however, continues to compromise new sites, he warned.

 
