Drupal Websites are Victims to Cryptojacking Campaigns


You wonder what random sites like San Diego Zoo, UCLA and Lenovo have in common? 

They are all built with Drupal CMS - and all of them have been hacked! 

Two security holes were published during the last month. A set of vulnerabilities in Drupal CMS were revealed and now those are a target of attacks by a malware campaign. 

Hackers turned their attention to the millions of Drupal websites hoping to find as many websites as possible that didn’t receive immediate updates and inject malware on their servers. This way they make money illegally by mining cryptocurrency - called cryptojacking.  

Over 350 Drupal Websites Cryptojacked

According to the discovery made by the security researcher Troy Mursch, hackers are using visitor’s computers to mine cryptocurrencies.

Mursch discovered a group that gained access to Drupal sites and hid a version of the Coinhive in-browser cryptocurency miner, loaded on each of the compromised sites.

Some webmasters updated their Drupal websites on time, but there are many who didn’t and now are victims to coinminers, shortly after the publication of proof-of-concept code.

Although the latest version of the software should protect the website from being hacked, Mursch warns that the protection coming with the latest update does not have impact on the sites that have been affected by cryptojacking already. 

Hardware Maker Lenovo On The List Of Victims 

Among the victims, besides the small business websites are many government and university websites, such as the National Labor Relations Board, the Turkish Revenue Administration, the University of Aleppo and many others that Mursch created a list for.

Most shockingly, the biggest name on the list is surely Chinese hardware maker Lenovo, which Mursch added in an update following the initial publishing of his research.

He recently Tweeted that he discovered another 200+ websites that were victims of this campaign:

"200+ other websites are part of this #cryptojacking campaign" - Troy Mursch

Here's the list of the hacked Drupal websites. Check if your Drupal website is one of them.

What to do if your Drupal website is being hacked 
or it has not been updated on time?

Besides all the possible risks you are not aware of, taking care of your website on your own is a very hard job to do. Considering the fact that your website is the fuel for your business, it is very risky to neglect the technology leaving it outdated.

If your website has been hacked already, getting the latest updates now will not make a big difference. Since your website has lost the reputation among the search engines, you will need to do a lot of work on your SEO once again in order for your website to rank well again.

Since Drupal is an open-source website platform, just as any other open-source platforms, it has many disadvantages. The list of things to do to keep your website safe is too long and takes a lot of time and effort. Especially if you do it on your own. 

Our solution: 

This is why we offer a website builder that covers all in one.

By having your website on Exai’s platform you will not have to make any updates worry about your website’s security or hosting packages. Exai takes care of it all!

This means that every single website built and hosted on Exai is using the latest technology, which makes it safe and almost impossible to hack.

If you are interested to learn more about transferring your website to our platform, 

fill the form and a member of our Exai team will call you in order to explain the process. 

(we pay the call fee)