Monero [XMR] Mining Malware in Action with Drupal Vulnerability Exploitation

Published by

Hackers are exploiting the Drupal vulnerability to attack the networks and activate Monero (XMR) mining malware. The same vulnerability that has been patched in April, is yet again exploited.

Hackers exploiting Drupal vulnerability again

Privacy-focused Monero is certainly favourable among the cybercriminals as yet again the criminals are trying to drop the Monero mining malware into the vulnerable systems by leveraging the Drupal vulnerability. A security flaw CVE-2018-7602 has been found in Drupal, a content management framework that has been exploited. The attackers are trying to run the affected systems into Monero mining bots. These attacks can lead to a number of threats apart from slowing the system performance and stealing the resources.

This is not the first time the Drupal vulnerability has been exploited, back in April, this year only it has been patched. A remote code execution, CVE-2018-7602 affects the 7 and 8 version of Drupal. In order to exploit this vulnerability, a shell script has been downloaded that recovers an  Executable and Linkable Format-based (ELF) downloader. This then adds a crontab entry that basically updates itself automatically.

Also, read: Monero (XMR), Siacoin (SC), NEM (XEM) & Aeternity (AE) Gets New Listing, Price Analysis

pointer; transition: all .25s ease; } #sticky-footer { width: 1440px; height: 40px; } @media (max-width:800px) { #sticky-footer { width: 1440px; height: auto; } } @media (max-width:480px) { #sticky-footer { display: none; ; } } #carousel-4 .wcp-carousel-main-wrap .post-style-2 .wcp-content-wrap{display:none}

Save your systems

During the process, it retrieves and installs a Monero mining application in the affected machine. A modified version of XMRig, it is one of the most commonly used variants in Monero mining attacks. Apparently, the downloader even checks the target system to see if it the machine to be compromised or not. Once miner starts running, it even changes its name.

The attacks aren’t running amok, they take proper precautions by hiding behind the Tor network. Reportedly, the same IP address has initiated 810 attacks that have been blocked by Trend Micro. However, it’s not confirmed if all of these attacks are Monero related or not. Apparently, this IP address exploits Heartbleed (CVE-2014-0160), ShellShock (CVE-2014-6271) memory leak flaw in Apache (CVE-2004-0113), WEB GoAhead (CVE-2017-5674) and others.

By patching and updating the Drupal core, one can fix this vulnerability for which the guidelines are provided on the security bulletin of Drupal.

What do you think of the repeated attempts by cybercriminals to activate Monero mining malware? Share your thoughts with us!

Sagar Saxena

Passionate about Blockchain and has been researching and writing about the Blockchain technology for over a year now. Also holds expertise in digital marketing. follow me on twitter at @sagar2803 or reach out to him at sagar[at]

Published by

Recent Posts

  • Price Analysis

Decentraland Price Analysis: A Descending Trendline Leads The Short-Term Downtrend In MANA Token

The MANA token is currently under a correction phase, which has plunged its price back…

December 5, 2021
  • Price Analysis

Ethereum Price Analysis: ETH Price Sustains Above The $4000 Support. Can The Bull Rally Continue Now?

After the second rejection from the All-Time High resistance of $4811, the ETH coin entered…

December 5, 2021
  • Price Analysis

Terra Price Analysis: LUNA Coin Flourished Despite The Bloodbath Of December 4th

On December 4th, the crypto market experienced a sudden and intense selling pressure that took…

December 5, 2021
  • Press Release

WIN NFT HORSE TRON Will Launch Open Beta Test on 6th December

Singapore, Singapore, 5th December, 2021, After six months of active development, the team behind WIN…

December 5, 2021
  • Altcoin News
  • News

Terra’s LUNA is Among the Top Ten Cryptocurrencies With a Sharp 32% Bounce Back

After a massive correction and bloodbath on late Friday, December 3, the crypto market is…

December 5, 2021
  • DeFi News

Presale of AXL INU Tokens Begins Shortly

Axl is a decentralized exchange that supports both the Ethereum and Binance smart chains. Users…

December 4, 2021