US-China Association of Commerce site victim of crypto-jacking malware

June 07, 2018
Chris Wheal

A security researcher, Troy Mursch said that the US-China Association of Commerce (USCAC) site is the latest victim of crypto-jacking malware.

Hacking via malware: Source: Shutterstock.com

Mursch, who publishes his research at Bad Packets Report, found that the USCAC site is infected by mining malware that hijacks the CPU power of unwitting victims. It’s an increasingly common approach by cyber crooks. The malicious script is said to be riding on the back of Coinhive and the coin popular for anonymity, Monero.

USCAC is a cultural exchange of around 300 Western and Chinese entrepreneurs and professionals. According to Murch, USCAC along with around 115,000 other sites are vulnerable to the malware attack because of outdated Drupal Content Management Systems.

Cryptomining

Murch said in Hard Fork that the USCAC has not been updated since 2011. He said: “Websites that use outdated versions of Drupal (CMS) are highly vulnerable and can be exploited en mass… So far, we’ve found hundreds of these sites affected by crypto-jacking attacks.”

Mursch released a spreadsheet on his site that are running  outdated Drupal versions and is said to include government sites of countries like the US, Mexico, Turkey, Peru, South Africa, and Italy and tech companies.

Coinhive is considered a growing threat and ranks at the top Most Wanted Malware Index.  CheckPoint Software Technologies, published the Global Threat Index showing that Coinhive cryptominer impacted 22% of organisations globally in May.

 

Post written by Chris Wheal
Chris Wheal is editor of OpenLedger's news and features service. An award-wining business journalists himself, he runs a team of freelance journalists from across the UK and north America.

Related News

XSD Gateway Temporarily Disabled November 20, 2019
Maintenance works are finished November 18, 2019

Leave a Reply

Your email address will not be published. Required fields are marked *