Make-A-Wish-Foundation Website Infected with Crypto Mining Malware


Cybercriminals have targeted the site of one of the most popular children’s foundations in the world and infected it with crypto mining malware.

According to a report published this week by researchers from security firm Trustwave, a CoinImp crypto mining script was injected into the Make-A-Wish Foundation website, and this script used the computing power of visitors’ machines to mine cryptocurrencies for the hackers.

The Make-A-Wish Foundation site is built on Drupal, a popular open-source content management system. Earlier this year, Drupal announced that there had been a vulnerability in their software that allowed hackers to inject malicious code into specific sites that had not incorporated their security patch. Trustwave researchers believe the Make-A-Wish Foundation website might have been compromised through the same vulnerability. The foundation subsequently identified and removed the malicious script in question.

Cryptojacking, which involves the use of malicious code to force other computer users to mine cryptocurrencies without their knowledge, has become a near-epidemic for internet users.

A Citrix report revealed that cryptojacking malware had hit at least 59% of UK companies at some point.

In India, crypto jacking is a menace, with over 300,000 routers in Brazil and India found to have been injected with crypto mining malware. The Economic Times (ET) revealed in September that Indian government websites had not been spared from this phenomenon, stating that widely trusted Indian portals had been exploited by the crypto jacking menace.

According to a security researcher quoted by ET, government websites were targeted due to the high number of online visitors and the trust these visitors have when they visit them.

“A lot of government websites are getting hacked. Now, crypto jacking is more fashionable as the hacker can make money.”

Internet security provider McAfee Labs weighed in on the epidemic last week, warning users of a new crypto jacking malware called “WebCobra,” which it said can operate without a trace on a victim’s computer.

The researchers went on to state:

“The malware increases power consumption causing the machine to slow down, leaving the owner with a headache and an unwelcome bill.”

Season 6 of the ever-popular Fortnite videogame series has inspired the development of Bitcoin-stealing malware that is disguised as a Fortnite cheating tool.

Recently discovered by Malwarebytes Labs, the malware, which is disguised as a cheat tool, has the ability to steal data in Bitcoin from Fortnite gamers. Malwarebytes Labs first stumbled upon this pesky bug in YouTube videos offering “free season passes” and various other offers for Android versions of the game.

Many Steps to This Scam

Detecting the malware included going through numerous steps of subscribing to YouTube channels, getting various prompts from newly built websites, filling out an online survey and then downloading the malware as a “reward” for the tasks completed.

Videos titled “Fortnite Cheat”, “Fortnite Hack Free Download”, and “New Season 6 Fortnite Hack Cheat Free Download” were found to lead to this malicious bug. One such video had accumulated over 120,000 views before YouTube removed it for violating their spam policy.

Data Vulnerability

Once the initial executable file has been run, it reports details of the infected computer. Once that has been completed, it sends data by means of a POST command to a destination located within the Russian Federation. A lot of data can be stolen, as the malware examines Bitcoin wallets, Steam sessions, browser history, cookies, and other private information stored on the victim’s computer. There’s even a readme file that comes with the malware, which allows the victim to purchase additional “Fortnite scams” for $80 worth of Bitcoin.

Christopher Boyd, the lead malware intelligence analyst at Malwarebytes Labs, stated:

“Offering up a malicious file with the pretense of cheating a video game is about as old-school as it gets. Would-be cheaters suffer a taste of their own medicine through a chain of clickthroughs and which eventually results in malware as a parting gift. Winning is great; however, it’s not worth risking a massive chunk of your personal data income in order to get the job done.”

Earlier this week, the Monero (XMR) community announced the launch of a new website that aims to educate users on cleaning up crypto-jacking malware and ransomware.

Easing Malware Victims’ Confusion and Frustration

The ease of mining and privacy of Monero are standout features for the coin. However, the features attract bad actors who use the coin in malware.

Justin Ehrenhofer, the director of the Malware Response Workgroup, stated that two main factors make XMR attractive to hackers:

“Attackers like Monero for two reasons: 1) it is private, so they do not need to worry about companies and law enforcement tracing what they do with the Monero after they mine it, and 2) Monero uses a Proof of Work (PoW) algorithm that is CPU and GPU-friendly; thus, the infected machines are competitive. These two components are increasingly distinguishing factors for why attackers choose to mine Monero over other cryptocurrencies.”

The capability to use cryptocurrency in malware is not unique to Monero. Bitcoin and other digital currencies have been used in the same attacks described above, but XMR has privacy features that make it stand out.

Asked what led to the creation of the working group, Ehrenhofer said, “We created this workgroup to help the victims of these mining/ransomware attacks, who often have no idea what Monero, mining, and cryptocurrencies are… the increased prevalence of Monero-related malware prompted the formation of the workgroup.”

The new Malware Response website seeks to inform visitors on the ways to prevent and remove malware. As stated, it’s expected that visitors will land on the site frustrated and seeking answers, since most do not understand what is happening.

In addition to discovering if XMR-based malware is running on your computer, the site includes remedies for the three types of attacks that are used: browser-based mining scripts, system/PC based malware, and ransomware.

Cleaning Unwanted Cryptojacking Scripts

Scripts to mine Monero in the browser are occasionally deployed as an opt-in service as a way for visitors to fund websites. briefly added crypto mining as an option for visitors instead of advertisements. If readers opted-in, their browsers would mine XMR with their computers’ resources while they browsed the site.

However, attackers can also inject mining scripts into vulnerable websites without the webmaster or visitors knowing, which is known as “cryptojacking.” McAfee Labs reported that cryptojacking increased by 86% in the second quarter of 2018. Additionally, for 2018 so far, illegal cryptojacking is up a shocking 459%, thanks largely to the leaks of the NSA’s hacking tools. Criminals then used these tools to infect computers with malware.

As the NSA (and Microsoft) have already admitted blame for the blunder, one would think they would be the entities creating an educational site like Monero’s.

Monero Community Is Firmly Against Malware

As cryptojacking attacks are new to webmasters and internet users, and are sometimes sophisticated, education plays a key role in quickly discovering and responding to security breaches.

The Monero technology and community do not condone any malicious activities in which Monero is used, as Ehrenhofer made clear.

“Monero itself and the community aren’t attacking computers, but the computers are attacked with some vulnerability and the attacker decides to run mining software on the compromised machines,” he said.

Syndicated from CCN

Google has finally betrayed its true feelings on cryptocurrency. Well, maybe not, but a tongue-in-cheek advertisement for the search giant does take a few potshots at the nascent asset class.

During the ad, which promotes Google’s new Call Screen service, one character, Abby, remarks that the other’s electricity bill is “super high.” That character, Teddy, explains that he mines cryptocurrency, which “takes a lot of energy.”

“Cryptocurrency? That money’s not real,” Abby says.

“Yeah, well I’ve got news for you: money isn’t real,” Teddy replies.

“You gonna live that lie?” the skeptical Abby retorts as the ad concludes.

The exchange is somewhat ironic, considering that the company’s co-founder has taken an interest in crypto mining. A few months ago, Sergey Brin (now president of Google parent company Alphabet Inc.) credited ethereum mining, which at least currently relies primarily on GPU chips, with helping drive the computing boom. Later, he revealed that he had begun mining ethereum with his 10-year-old son. Perhaps the ad was taking a lighthearted jab at Brin.

However, despite Brin’s interest in cryptocurrency, Google, along with other major ad companies including Facebook, banned cryptocurrency-related advertisements earlier this year, warning that risky investments in this and other financial sectors had the potential to harm retail investors. Several weeks ago, however, the company — which was on the receiving end of nearly 39 percent of all digital advertising spending in 2017 — reversed the ban on cryptocurrency ads.

Last week, Google responded to the growing threat of cryptocurrency mining malware by banning obfuscated Chrome extensions that include mining scripts. While some of these extensions had valid purposes — such as allowing a user to donate their idle computer resources to mine coins for charity — malicious developers had also concealed mining scripts inside other extensions that were purportedly designed for completely different functions.

The truth is that anything connected to the internet can be hacked. However, hacking wasn’t always a problem.

The History of Air Gap Technology

Data used to be held offline, in what’s now known as cold storage. Data was kept on external paper cards, then moved to tape and digital media as technology evolved. The first computers built were by default on cold storage or ‘air gap’ technology.

Even when networks were initially built, much of the data still had to be manually connected to the system by adding in the media to a device. In the early days, sensitive codes and information were kept locked in vaults accessible by an authorized individual or in some cases, by multiple people required to key in simultaneously. This approach was the genesis of multi-signature authorization.


Eventually, with the invention of the internet, those computers and that data could be connected to an outside, worldwide network. The concepts upon which the internet was built had some basic principles of security within them, but the exchange of data and the ease of doing so was paramount in the original architecture of the web.

Sensitive institutions were slow to add their most critical data to the internet, and all-important military institutions initially relied on a manual air gap, where a command was sent to a person who would retrieve data devices out of a vault and connect them to a machine for a short period in which they needed to be used.

Some institutions still rely on these methods. The Russian military is famous for its continued reliance on typewriters for some of their most sensitive documents – if it’s never digital, well, it’s certainly a lot harder for your enemies to get their hands on it.

The value of air gap technology is unparalleled in its ability to hide data away from digital thievery; however, inaccessibility has always been its shortcoming. With the institutions using the tech over the course of history, having the physical manpower on hand to mount drives online at a moment’s notice was not an issue, but the corporate application of this technology requires some automation of that process to scale and serve the needs of millions of customers simultaneously.

However, how can that gap be bridged without systems being online? The fact is that, with a recent invention, human interaction and the security risk those touch points entail are no longer required to remotely close an air gap.

Application of Air Gap in Crypto Custody

Individuals have been storing sensitive data on cold storage devices for decades. USB thumb drives are ubiquitous across society these days, and their use for storing cryptocurrency keys began almost as soon as currencies were first invented. Over the years, the complexity of these drives has evolved, and now cold storage wallets like Ledger or Trezor are de rigueur for smaller independent investors.

However, these drives are not a viable solution for larger investors who need instant access to their funds but who do not wish to take the risk of employees carrying around their codes. Additionally, for institutions, the gaping holes in the security of these devices and their applicability to the global needs of their clients render them useless.

Beginning in 2013, institutional grade custody providers came to market to provide offline storage of digital assets. Amongst the first of these was Xapo, a group focused on serving the needs of long-term holders of cryptocurrency. Xapo built vaults within mountains for the long-term cold storage. Since the founding of this company, many other institutions offering deep cold storage have entered the market.

Most recently, the Winklevoss twins announced a cryptocurrency-based patent in the air gap space, lending even more credibility to the application of the technology. The solutions all rely on a combination of codes on digital or physical (paper or other) media in coordination with some vaulting solution. These options are great if you don’t need to access your keys to make trades; however, trading is a key to doing business.

All of these solutions have the same issue, which has vexed institutional investors for years and in many cases locked them out of the market entirely: accessibility. The typical solution, like Xapo, requires a 2-day notice to bring your keys online manually for you to make a transaction. This delay means these solutions can’t meet the needs of active investors who need access at a moment’s notice. Additionally, the extra human interaction point represents a significant risk to data.

Remote Automated Air Gap Security (RAAS)

In early 2017, Tony Hasek, one of the founders of Goldilock, was working with a company offering deep cold storage for physical assets – mostly precious metals. He had been trading cryptocurrencies for years and was worried about the constant breaches suffered by even the largest institutions, starting with Mt. Gox back in 2011. Not wanting to carry his codes around, he started thinking about ways to keep them offline using some of the same concepts of cold storage combined with some analog technology he’d worked with back in the 90s.

Combining forces with his co-founder Jarrod Epps, who had also worked with analogue telephony solutions, the two collaborated for several months to build out an architecture which would allow all data to be kept offline in a vaulted, air gap, cold storage state until the exact moment the owner of the data wanted to bring it online (also known as ‘hot’).

By relying on a sophisticated combination of legacy offline technology as a trigger mechanism for remotely-toggling data nodes on/offline, alongside cutting-edge cryptography and biometric gateways, and adding in options for remote multi-sig approvals, the two filed a patent for a unique way to access cold-stored data at a moment’s notice. Also, they built it in a way so simple and secure that anyone with a mobile telephone could use it.

This new RAAS technology (pronounced ‘race’) allows anyone to access their data anytime from anywhere that he or she has a mobile or landline phone.

RAAS into the Future

Remotely accessible air gap technology is truly transformational for the handling of all data across the internet. Institutions such as banks, credit rating agencies, video distribution groups, software developers, healthcare record custodians, crypto funds, crypto custodians, and crypto exchanges have all reached out to get on the waiting list to use this technology.

Outside the cryptocurrency space, being able to safely bank and manage credit data, health information, and even personal photos and videos will transform the way consumers interact with the internet, allowing them to do so without fear of hacking, identity theft, or hijacking of their credit.
