Make-A-Wish website compromised for cryptomining campaign
Not even the Make-A-Wish Foundation is off limits for some unscrupulous cybercriminals, as evidenced by a cryptojacking operation that compromised the charitable organization’s international website.
Simon Kenin, security researcher at Trustwave, reported in a company blog post today that malicious actors injected a CoinImp browser-based cryptomining script that would harness the processing power of any computers whose browsers visited the domain worldwish.org.
The website may have been compromised via the Drupalgeddon 2 vulnerability, considering that the mining script used in the campaign was hosted by the domain drupalupdates.tk, which Kenin said is part of a larger campaign known to exploit Drupalgeddon 2.
According to the post, Trustwave reached out to Make-A-Wish to report the compromise and, despite no official response, the injected script was subsequently removed from the website.
Make-A-Wish’s mission is to fulfill the wishes of children diagnosed with critical illnesses.