This is got to be the lowest cybercriminals have sunk in recent years as the most recent victim of crypto mining malware is the world’s most renowned children’s charity.

In a report that was published this week, researchers from the security firm Trustwave reported that a CoinImp crypto mining script was uploaded to the Make-A-Wish Foundation website with the script utilising the computing power of site visitors in order to mine crypto for the cybercriminals.

The website is built upon Drupal which is a well known open-source content management system. Drupal, earlier this year announced that they had found a security vulnerability within their software which enables hackers with the ability to inject malicious code into certain sites which had not upgraded to include a new security patch. Just in the last few months, the Drupalgeddon 2 bug, a Remote Code Execution (RCE) vulnerability in older versions of Drupal, affected over 100,000 sites using Drupal.

Researchers at Trustwave now believe that the Make-A-Wish Foundation site could very well have been infected through the same vulnerability with the foundation identifying and removing the malicious code.

As we know, cryptojacking, which is the use of malicious code in order to force computer users to mine digital currencies without their knowledge has become quite the pandemic for users on the web in the last few years.

A Citrix report which was published earlier this year revealed that cryptojacking malware at hit up to 59% of all UK companies at some point.

Over in India, cryptojacking has become a rampant beast with as many as 300 000 routers in Brazil and India found to have been infected with crypto mining malware. Back in September, it was revealed that the Indian government website was also victim to cryptojacking with many trusted Indian portals being exploited by hackers.

According to a security researcher at The Economic Times, government sites are targeted due to the massive numbers of online visitors as well the trust visitors have towards these sites:

“Earlier, we saw a lot of government websites getting defaced (hacked). Now, injecting cryptojackers is more fashionable as the hacker can make money.”

Following the attack, internet security giant McAfee labs got in involved during the epidemic last week, warning internet users of a new kind of crypto malware known as “WebCobra” which is able to opertate on any victims computer without any trace stating:

“As the malware increases power consumption, the machine slows down, leaving the owner with a headache and an unwelcome bill.”

Have you ever been the victim of cryptojacking? Let us know about your experiences by commenting below.

Follow CoinBeat on Facebook, Twitter & Telegram

Subscribe to our CoinBeat Newsletter

Submit an article to CoinBeat

View live Marketcap Prices here