May 3, 2018 , 12:57 pm
Yet another bad actor has taken advantage of Drupal sites still vulnerable to “Drupalgeddon 2.0,” this time to mine cryptocurrency.
The bad script, dubbed the “Kitty” cryptomining malware, takes advantage of the known critical remote-code execution vulnerability in Drupal (
CVE-2018-7600) to target not only servers but also browsers, according to researchers at security company Imperva Incapsula.
On servers, the attackers install a mining program – “kkworker” – which mines the xmrig (XMR) Monero cryptocurrency.
But the attackers are are also looking to expand their mining efforts to web app visitors using a mining script called me0w.js. They achieve this through adding the malicious JavasSript (me0w.js) to the commonly used index.php file, cashing in on the processor juice of future visitors to the infected web server site.
“To win over kitty lovers’ hearts, the attacker cheekily asks to leave his malware alone by printing ‘me0w, don’t delete pls i am a harmless cute little kitty, me0w,'” the researchers said.
... .... ...