‘Drupalgeddon 2’: Cryptojacking Makes a Return to Prominence

Contrary to popular belief, the cryptocurrency space is not always sunshine and rainbows. A report released by an independent internet security analyst has shown that over 400 websites have been affected by an exploit which allows cryptojacking miners to run secretly in the background of these websites.


“Cryptojacking,” as coined by members of the cryptosphere, has returned in full force, with sites like the Lenovo webpage and certain Mexican governmental sites coming under attack.

On Saturday, Troy Mursch of Bad Packets Report released a report which outlined that over 400 websites were affected by an exploit found in March.

A New Vector of Attack: ‘Drupalgeddon 2’

Mursch stated:

“This is yet another case of miscreants compromising outdated and vulnerable Drupal installations on a large scale.”

The computer security community was quick to name this newfound exploit “Drupalgeddon 2,” after the Drupal content management system. While WordPress has become the king of website design, over 1 million active websites use Drupal for content management.

Once notified of the issue, Drupal released security patches to stop the exploit from being used maliciously. However, not every vulnerable site has installed the patch.

Despite these efforts to head off attacks, security analysts noted that hackers began actively looking for vulnerable websites once the exploit was made public last March. Mursch has compiled a list of affected sites to alert website owners of the need to install the latest security patch.

These hackers began to secretly install Coinhive mining code for the Monero cryptocurrency onto vulnerable websites. This code would run in the background on visitors' computers, often without their knowledge. This method of “cryptojacking” has proven to be a way in which hackers can make a quick buck off the crypto craze.

Cryptojacking? Wait, What?

During the latter part of 2017 and early 2018, “cryptojacking” became prominent in the cryptocurrency community, generating hundreds of thousands of dollars of Monero across thousands of computers on a monthly basis.

Hackers install mining scripts on websites without the owners' knowledge, which allows them to run hidden miners on visitors' computers. The installed miner draws processing power from the computer hardware to help generate Monero, the most popular anonymous cryptocurrency. This use of computer power goes unnoticed by most viewers, who may not notice a small uptick in computer use, which generates a few cents a day on most computers.

These few cents across hundreds of thousands of internet devices can quickly add up to a lot of cash for hackers.

But since cryptojacking's rise to mainstream media attention, affected websites have begun to implement methods to stop malicious attempts on consumer devices.

The same happened with the websites affected by the original “Drupalgeddon.” Once the websites hosting the initial Drupal exploit were notified, Monero mining scripts began to disappear from the websites, one by one.

Although this was a success for those advocating for secure internet use, it will be just a temporary win, as it has become common knowledge that no computer program is perfect and impenetrable. This is why security researchers will continually need to improve their prevention methods, especially in a world which is becoming increasingly connected.

What do you think of exploits like the one highlighted above? Have you taken the proper methods to protect yourself against malicious attacks? Tell us in the comments down below!

