Make-A-Wish Foundation Website Cryptojacked Due To Old Software

Colin Muller

The website of the Make-A-Wish Foundation, a charity dedicated to fulfilling the wishes of terminally ill children, has been successfully targeted by unknown "cryptojackers," as detected by the web security company Trustwave.

Simon Kenin of Trustwave's SpiderLabs made the discovery, blaming an outdated version of Drupal running on the site as the attack vector for the malware. Drupal is widely used open-source software for managing website backends.

The attackers injected the freely available Coinhive mass-mining script into sites running vulnerable Drupal versions. Kenin identified the Make-A-Wish site as one of hundreds of websites that had been infiltrated by the same method and attacker, as recently as June 2018, according to badpackets.net. At that time, over 100,000 websites that had not updated their backend software had been vulnerable to exploits.

Kenin added that Make-A-Wish updated its software and closed off the vulnerability after being notified.

Crypto and Security

Cryptojacking is a fairly new internet security concern, whereby malicious mining scripts are run by unsuspecting attack victims, whose computing resources are used to surreptitiously mine cryptocurrencies on behalf of the attackers.

The phenomenon began to take hold in 2017, crescendoing at the end of 2017 and into 2018 along with booming cryptoasset valuations. CryptoGlobe has reported on the recent dip (by 26 percent in Q3) in the incidence of cryptojacking that targets individuals, alongside an increase in malicious targeting of businesses.

The Coinhive software mines Monero (XMR) because its CryptoNight hashing algorithm runs very well on CPUs, which makes it ideal for mass pool mining. This choice is very convenient for malicious actors, because XMR is the most valued privacy-focused cryptocurrency and has rigorous privacy features which mask transactions to a high degree. CryptoGlobe recently reported on the XMR “Beryllium Bullet” upgrade, which drastically reduced transaction file sizes of the cryptocurrency and opened up upgrade paths for even more privacy features.

Another web security problem often associated with cryptocurrencies is the menace of ransomware, an example of which was the recent targeting of the Port of San Diego, although that has been on the wane in 2018 in favor of cryptojacking, according to some experts.

Over 5,000 Ugandan Citizens File Petitions Over Cryptocurrency Scam

Michael LaVere
  • Over 5,000 Ugandan citizens petitioned Parliament to issue a refund over funds lost in Dunamiscoins Resource Ltd.'s closure.
  • Cryptocurrency firm shuttered operation in late December, reportedly taking UGX 23 billion in client funds.

Over 5,000 Ugandan citizens have petitioned Parliament following a high-profile scam by cryptocurrency firm Dunamiscoins Resource Ltd. 

According to a report by KMA Updates, more than 5,000 Ugandans submitted a petition seeking a refund over money invested in Dunamiscoins, which suddenly shuttered in December 2019. The fraudulent crypto firm billed itself as a privately owned company and claimed it was committed to providing complimentary crypto services to banks in order to benefit the low income and poor. 

In late 2019, Dunamiscoins’s bank account was suddenly frozen, with petitioners arguing that more than UGX 23 billion ($6.2 million) in client funds was locked in the firm. 

Arthur Asiimwe, de facto leader of the petitioners, told the Speaker and members of Parliament:

[The] government licensed this company and gave it the go-ahead to work as a non-deposit taking financial institution; it carried out its duties as a microfinance company. They gave unrealistic bonuses.

Asiimwe and other petitioners argued that Dunamiscoins was operating as a microfinance company despite being registered as a non-deposit financial institution. While two of the company’s three directors have been arrested, Managing Director Susan Awoni remains at large. 

Asiimwe continued:

We are not satisfied with what the Police report that they have failed to arrest the third director. We request that the Financial Intelligence Authority follows this up and trace where the money is and we are refunded.
