It seems as though a lot of sites that are using outdated Drupal installations are being cryptojacked, which means of course those site’s infrastructure is now being used to mine cryptocurrency without their knowledge. Bad Packets has an explanation of the hack and a list of sites that have been compromised. It stretches from the US National Labor Relations Board, all the way to the San Diego Zoo. Bad Packets also suggests that minerBlock would be a good idea for your browser.



We’ve seen plenty examples of Drupalgeddon 2 being exploited in the past few weeks. This is yet another case of miscreants compromising outdated and vulnerable Drupal installations on a large scale. If you’re a website operator using Drupal’s content management system, you need to update to the latest available version ASAP. The Drupal security team has prepared a FAQ which documents the risk level and mitigation steps. Note that installing the update won’t retroactively “unhack” your website and you may need to take further remediation steps.

Discussion

Source: [H]ardOCP – Cryptojacking Campaign on Drupal Moving Fast