Cryptojacking malware was secretly mining Monero on many government and university websites
A new report published by security researcher Troy Mursch details how the cryptocurrency mining code known as Coinhive is creeping onto unsuspecting sites around the web. Mursch recently detected the Coinhive code running on nearly 400 websites, including ones belonging to the San Diego Zoo, Lenovo and the National Labor Relations Board. The full list is available here.
Notably, the list names a number of official government and education websites, including the Office of the Inspector General Equal Employment Opportunity Commission (EEOC) and sites for the University of Aleppo and the UCLA Atmospheric and Oceanic Sciences program.
Most of the affected sites are hosted by Amazon and located in the United States. Mursch believes that they were compromised through an outdated version of Drupal:
“Once the code was deobfuscated, the reference to “http://vuuwd.com/t.js” was clearly seen. Upon visiting the URL, the ugly truth was revealed. A slightly throttled implementation of Coinhive was found.”