Cyber criminals know no limit on how low they will stoop in order to generate wealth, even if it involves exploiting a charitable organization that focuses on providing terminally ill children with a last “wish.”

According to a new research report from cyber security firm Trustwave, one of the Make-a-Wish Foundation’s websites – Worldwish.org - was hacked and loaded up with a malware that hijacks the computer processing power of philanthropist visitors of the website who are likely there to learn more about how to donate to or support the charity.

Make-a-Wish Foundation was founded in 1980. The non-profit focuses on providing kids, ages 2 through 17, who suffer from life-threatening medical conditions with a once-in-a-lifetime “wish” experience – typically a visit from a celebrity such as WWE wrestler John Cena or singer and songwriter Justin Bieber, who are both big supporters of the foundation.

The Make-a-Wish Foundation website in question, according to Trustwave, uses an outdated version of Drupal, a content management system used for designing and publishing website pages. Earlier in the year, almost 100,000 Drupal-based websites were targeted as part of “Drupalgeddon 2.” The researchers believe the hack on the Make-a-Wish Foundation site could be at the hands of the same hackers.

Trustwave says the malicious cryptocurrency mining script has since been removed from the affected website. Oftentimes, businesses and website operators can protect themselves from the risk of such hacks simply by keeping their software updated to the most current version. Software updates often contain patches that plug up holes in software that are used as a backdoor for hackers to gain access and exploit computer processing power for wrongdoing.

Earlier this month, cryptocurrency stealing malware was running on hundreds of thousands of websites across the internet after popular website metrics tracking analytics provider StatCounter had malware loaded into its website data tracking script.