The Make a Wish Foundation, a popular charity during the holiday season, appears to have fallen afoul of nefarious crypto hackers who were using the Foundation’s site not to give but to receive.
The compromise was first uncovered by Trustwave’s SpiderLabs. In a blog post by Simon Kenin, the company outlined what it discovered and how the hack occurred. Apparently, Make a Wish uses a Drupal-based web platform, one that has had known vulnerabilities.
Make a Wish & Mine Some Crypto
Kenin said SpiderLabs tried to contact Make A Wish, but the foundation did not respond. The researchers did notice that, soon after their charitable outreach, the injected script was removed from the site.
Kenin explained that the injected script was using the computing power of visitors’ machines to mine crypto and deliver it to the crooks. While the exploit, Drupalgeddon 2, has been around for a while, apparently not everyone has updated their Drupal sites to block potential attacks. Thus the cybercrooks were able to use the Make a Wish site to Mine Some Crypto.