Charity Website Make-A-Wish Gets Infected with Cryptocurrency Malware


Since now is the time of season where many feel they would rather give first than receive, charities look forward to the generosity of those willing to donate to their cause.  However, criminals and hackers also look forward to the season of giving, rather to take for themselves what others had planned for those in need.  One recent example of individuals displaying a lack of ethical standards are the crypto-jackers who infected a Make-A-Wish charity website with cryptocurrency malware.


Crypto-Jackers Attack Make-A-Wish Foundation’s World-Wish Website

Proving that charities are not even off-limits to crypto-jackers, The Next Web website posted an article by Neer Varshney in which one of the Make-A-Wish foundations website World Wish became compromised because of a crypto-currency malware called Coinlmp.  This was discovered by researchers who work for the security firm known as Trustwave, who say that the website was infected with malware that produces a malicious script designed to take a visitor’s computing power and utilize it toward mining cryptocurrency covertly.

This allows hackers to commit crypto-hijacking, which continues to happen at an alarming rate.  According to the researchers, the success of the implanting of the malware was most likely the result of the decision of Make-A-Wish to utilize a version of Drupal’s content management system that was outdated.


The Global Menace of Crypto-Jacking Scripts

The issue of hackers using malware to obtain personal data is nothing new; however, the number of attacks of this nature are growing in attempts and locations.  Researchers reported earlier this year that hackers had launched a malware campaign that targeted roughly one-hundred-thousand Drupal websites that became known as “Drupalgeddon 2.”  Trustwave suspects that the attack on Make-A-Wish was committed by Drupalgeddon hackers as well.  Trustwave has reported that the Make-A-Wish website has already removed the mining script.

Throughout the year, the menace of crypto-jacking scripts has infected websites on a global scale.  Hackers achieved success in exploiting four-hundred websites that were using versions of Drupal that were outdated, which included the University of California, Los Angeles (UCLA), the US National Labor Relations Board (NLRB), Taiwanese network hardware maker D-link and Chinese tech company Lenovo.

Alarmingly, Drupal websites are not the only ones at risk.  Earlier in the year, India and Brazil discovered that over three-hundred-thousand routers became infected with the cryptocurrency mining malware.   


Research that was conducted by McAfee labs discovered that just within the second quarter of this year alone, new crypto-jacking scripts that were installed totaled over 2.5 million.

One thing that is important to point out is that mining scripts are planted by those who aren’t hackers.  Charities, such as and UNICEF, have utilized this on a volunteer-basis in an effort to raise cash for their initiatives; yet, critics have raised doubts on how effective it can be

Considering how people are concerned in protecting their computer and personal data from being hacked, it is important to know how to defend from this type of hacking taking place.  Anyone who has a concern that their computer is being utilized in mining cryptocurrencies, there is a handy guide on how to put an end to it.