Many Drupal-based websites have fallen victim to a new cryptojacking incident.
As uncovered by Bad Packets Report, hackers injected the mining program called Coinhive into around 300 websites running the Drupal software. The injection of the mining software is made possible by the vulnerability found on older versions of Drupal.
Drupal is a content management system that can be used to create websites, among other things.
After carefully extracting the relevant information, Bad Packets confirmed that 348 websites are affected by the hacking, all of them running outdated Drupal software. There seems to be no clear target, as the affected websites vary by country and even hosting providers. What’s alarming is that a number of those affected are either government or university websites.
The owners of the infected websites are advised to update to the latest version of Drupal immediately.