Make-A-Wish Charity Website Hit By Cryptojacking Code Mining Monero (XMR)


On November 19, 2018, the official Trustwave website brought us the news that Make-A-Wish charity’s website was infected with cryptojacking software.

According to Trustwave’s cybersecurity researcher, Simon Kenin, a malicious script was embedded in the well-known charity’s website in order to use unaware visitors’ computing power to mine cryptocurrencies for the attacker.

Website owners didn’t update their security wireframe

The release states that the malicious mining script has been circulating on the web since May, and is used to attack website owners who failed to update their Drupal content management system (CMS) on time.

Since Drupal is used by more than a million sites around the world, this presented a great opportunity for hackers to infiltrate these websites with their code, reportedly, in this case, hosted by the drupalupdates.tk domain.

Another state of the art hack attack

Kenin explains that this undercover mining script was the well-known CoinIMP JavaScript browser mining program, but that it was difficult to detect because it uses several techniques to avoid static detection.

Firstly, it changes the name of the domain that hosts the JavaScript-based miner. Then it defeats blacklisting by using different domains and IP addresses, making it even harder to discover.
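Because the hosting domain keeps changing, a list of known miner domains lags behind, so a site owner can instead check each page's external scripts against the hosts the site is expected to load from. The following is an added example, not code from the Trustwave report; the allowlist, the page URL and the sample HTML (including the script path on drupalupdates.tk) are constructed for illustration.

```javascript
// Added example: audit a page's <script> hosts against an allowlist.
// The allowlist, page URL and sample HTML are constructed for illustration.
const ALLOWED_SCRIPT_HOSTS = new Set(["www.example.org", "cdn.example.org"]);

// Return the src value of every <script> tag that has one.
function extractScriptSrcs(html) {
  const srcs = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    // Handles double-quoted, single-quoted and unquoted attribute values.
    const attr = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    if (attr) srcs.push(attr[1] ?? attr[2] ?? attr[3]);
  }
  return srcs;
}

// Resolve each src against the page URL and flag hosts that are not allowed.
function auditScripts(html, pageUrl, allowedHosts) {
  const findings = [];
  for (const src of extractScriptSrcs(html)) {
    let host;
    try {
      // Relative and protocol-relative URLs resolve against the page URL.
      host = new URL(src, pageUrl).hostname.toLowerCase();
    } catch {
      findings.push({ src, host: null, reason: "unparseable URL" });
      continue;
    }
    if (!allowedHosts.has(host)) {
      findings.push({ src, host, reason: "host not on allowlist" });
    }
  }
  return findings;
}

// Constructed sample page: two expected scripts, one unexpected third-party host.
const SAMPLE_HTML = `
<html><head>
<script src="/misc/jquery.js"></script>
<script src="https://cdn.example.org/analytics.js"></script>
<script src='//drupalupdates.tk/placeholder.js'></script>
<script>var inline = 1;</script>
</head></html>`;

const sampleFindings = auditScripts(SAMPLE_HTML, "https://www.example.org/", ALLOWED_SCRIPT_HOSTS);
console.log(sampleFindings);
```

An allowlist check of this kind flags the unexpected host whatever name the miner's domain takes next; it does not cover inline scripts or scripts injected at runtime.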

Trustwave Secure Web Gateway (SWG), mentioned by the author of the report, is able to detect new versions of malware through its dynamic web analysis, and was, therefore, also able to detect the obscured hacker’s code.

According to the report, Trustwave informed Make-A-Wish about the attack immediately after discovering it. The charity failed to give any feedback, but the cybersecurity firm reported that Make-A-Wish removed the unwanted software from their system, and their website is now safe to visit.

Not all browser mining software is for cryptojacking purposes

Kenin explains that mining scripts integrated on websites have evolved in such a way that it is hard to tell whether they were put there by hackers with malicious intent or whether smaller websites integrated a version of the script on their own, as a legitimate source of extra income.

Since that is the case, website owners who use this software should forewarn users that the domain they are visiting uses a browser mining script. That way, a lot of legal complications can be avoided.

CoinIMP software, used for this attack, enables individuals to mine two cryptocurrencies.

The main one is Monero (XMR), possibly because of the fact that it is a cryptocurrency which allows the most privacy to its users, with virtually untraceable transactions. The second is a rather new Webchain.Network’s WEB coin, whose transactions are, unlike XMR’s, transparent.

Cryptojacking – the usual occurrence

Simon Kenin referred to “loads of CoinHive and other Cryptojacking malware hits” he found on researched websites as a perfectly common situation, and indeed, it is known that many sites have this kind of software integrated with their code. Still, many countries don’t have rules exclusively dedicated to this problem.

Nevertheless, the example of an individual getting arrested in Japan for the malicious use of such software in July this year tells us that governments don’t lack legal solutions for such attempts.

