Websites running the content management system Drupal have now become the target for cyber attackers who are not only hacking into the systems, but also executing commands to carry out crypto mining on the sly.
This cryptojacking scheme is run by a malicious script dubbed “Kitty.” The cyberattacks have just come to light, and if you have Drupal on your system, check it out thoroughly so that you are not under any risk.
Drupalgeddon 2.0 Behind the Malware Attacks
Cybersecurity experts who have studied these Kitty malware attacks on Drupal sites are of the opinion that a vulnerability known as Drupalgeddon 2.0 is the cause of the attacks being reported. The vulnerability exploit has a remote execution code glitch and is used by the hackers to plant the malware.
It is also pointed out that versions 7.x and 8.x of the content management system (CMS) are the most vulnerable in this respect.
The remote code execution exploit is capable of inflicting severe damage on the target system; these include cryptocurrency mining apart from data theft and even scanning of the files on the system. And even worse, it can command the malware to carry on cryptocurrency mining on other connected computers as well by sending in a special script.
File Extension Meow.js Very Dangerous
The script is named meow.js and it enters the Drupal websites through a file index.php. This file is invariably found in the CMS module of Drupal. The moment the hacker is able to reach this file, the meow.js mining script will enter the scene and through file scans, the person perpetrating the attack will add the JavaScript files as well to the list for mining.
The sadistic part is that the Kitty malware leaves a note saying it’s just a “harmless cute little kitty,” urging users to refrain from deleting the script. And the word “meow” appears twice; in the beginning of this message and again in the end.
Appears an Organized Attacker
Those engaged in research on these malware programs and their effects are of the opinion that the Kitty malware is quite an evolved tool and is being constantly upgraded by whoever is behind the malware. They’ve detected newer versions of the mining script that are able to execute the job very well.
This gives the impression that the people behind the Kitty malware must be organized and have a sound technical backing.
Drupal May Have to Review Its Modules
The content management solutions provider Drupal will have to revisit their embedded codes and add safety features so that the vulnerabilities are not exploited by malicious elements.
This has been the bane of modern technology that hackers and cybercriminals are on many occasions found to be ahead of the curve when it comes to their savvy.
Law enforcement is normally found wanting in locating the professional threat actors and stopping their activities.
This is one of the reasons why hacking and data theft often cannot be stopped before it occurs. It is only after the damage has been done that the law enforcement agencies try to catch the culprit.
Keep Your Anti-Malware Program Updated
The current case of the Drupal CMS computers being affected by the Kitty malware is ironic since the owner of the computer would have taken the precaution, but an outside program installed with an element of trust can bring about the disaster.
Whatever the situation, never compromise on the best anti-malware program for your computer, whether it is a standalone device or part of a system.
Ensure that you have an up-to-date program installed and that the periodical patches sent to you are instantly downloaded with the software version upgraded.
If you are not fully satisfied, try calling a cybersecurity expert in to conduct a thorough audit of your system from the safety viewpoint and listen to the advice the expert gives you.
The regular warnings, like being alert while clicking on email attachments, apply here as well. Just like the way you would take a closer look at a physical piece of mail delivered to you to know where it has come from and who has sent it, you also have to be cautious while opening a digital message through your email. You should only download the attachments if you fully trust the sender.