It has been discovered that more than 350 Drupal-based websites have been compromised thanks to Drupalgeddon 2. US security researcher Troy Mursch discovered a campaign that was compromising Drupal sites and hiding a version of the Coinhive in-browser cryptocurrency miner inside a file named “jquery.once.js?v=1.2”, loaded on each of the compromised sites. EVERY VISITOR to those sites has the in-browser mining script injected into their pages. These scripts are used to perform cryptojacking, which uses the visitor’s PC as a cryptominer. This can slow down the visitor’s computer while the cryptojacking is happening. One way to prevent this from happening is to install the extension uBlock Origin (Chrome, Firefox, Opera).
Go here to see a full list of known compromised sites: https://docs.google.com/spreadsheets/d/14TWw0lf2x6y8ji5Zd7zv9sIIVixU33irCM-i9CIrmo4/htmlview?sle=true#gid=0
But wait there is more…
On top of the cryptojacking there are also other known attacks. Cyber-security firm Imperva discovered and named the “Kitty” malware campaign on Drupal sites. It places an in-browser cryptocurrency miner in a file named “me0w.js”, which uses a Monero miner from webminerpool.com. And, in addition to dropping an in-browser miner, the “Kitty” perps also installed a persistent PHP backdoor into the site, giving them long-term access after the site’s owner updates and patches their distribution. And it also leaves a server-side miner running because… why not?
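
For site owners who want to check their own pages against the indicators named above (the “jquery.once.js?v=1.2” file, “me0w.js”, webminerpool.com and Coinhive), here is an added example that is not from Troy Mursch or Imperva. It assumes that a jquery.once.js served from the site's own host is the legitimate Drupal core file and only flags copies loaded from another host; the sample page, its paths and its hosts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Indicators named in the article. Treating a same-host jquery.once.js as benign
# is an assumption of this example: Drupal core ships a file with that name.
MINER_HOSTS = ("webminerpool.com", "coinhive.com")
MINER_FILES = ("me0w.js",)
CORE_LOOKALIKE = "jquery.once.js"


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def suspicious_scripts(page_url, html):
    """Return (script_url, reason) pairs for script tags matching the indicators."""
    collector = ScriptCollector()
    collector.feed(html)
    site_host = urlparse(page_url).hostname
    findings = []
    for src in collector.sources:
        url = urljoin(page_url, src)  # resolves relative and //host/ forms
        parsed = urlparse(url)
        host = parsed.hostname or ""
        name = parsed.path.rsplit("/", 1)[-1]  # file name without the ?v= query
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            findings.append((url, "miner host"))
        elif name in MINER_FILES:
            findings.append((url, "Kitty miner file name"))
        elif name == CORE_LOOKALIKE and host != site_host:
            findings.append((url, "jquery.once.js loaded from foreign host"))
    return findings


# Constructed sample page; example.org and .invalid hosts are placeholders.
SAMPLE = """<html><head>
<script src="/misc/jquery.once.js?v=1.2"></script>
<script src="//cdn.placeholder.invalid/misc/jquery.once.js?v=1.2"></script>
<script src="/sites/default/files/me0w.js"></script>
</head></html>"""

if __name__ == "__main__":
    for url, reason in suspicious_scripts("https://example.org/node/1", SAMPLE):
        print(reason, url)
```

A clean result here only covers the in-browser miners; it says nothing about the PHP backdoor or the server-side miner, which need a review of the files and processes on the server itself.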