{"id":323,"date":"2018-05-08T13:59:28","date_gmt":"2018-05-08T13:59:28","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/28936\/Cryptojacking-Campaign-Exploits-Drupal-Bug.html"},"modified":"2018-05-08T13:59:28","modified_gmt":"2018-05-08T13:59:28","slug":"cryptojacking-campaign-exploits-drupal-bug","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/","title":{"rendered":"Cryptojacking Campaign Exploits Drupal Bug"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/03\/06221335\/Crypto_Mining_Bitcoin.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p><strong>UPDATE<\/strong> \u2013 Hundreds of websites running on the Drupal content management system \u2013 including those of the San Diego Zoo and the National Labor Relations Board \u2013 have been targeted by a malicious cryptomining campaign taking advantage of unpatched and recently revealed vulnerabilities.<\/p>\n<p>The attacks, which have impacted over 400 government and university websites worldwide, leverage the critical remote-code execution vulnerability (<a href=\"https:\/\/groups.drupal.org\/security\/faq-2018-002\">CVE-2018-7600<\/a>) dubbed Drupalgeddon 2.0, said Troy Mursch, researcher with Bad Packets Report. The Drupal bug in questions\u00a0has been patched for over a month now.<\/p>\n<p>\u201cAfter the scan completed, the full scope of this cryptojacking campaign was established,\u201d Mursch wrote in a <a href=\"https:\/\/badpackets.net\/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites\/\">report posted Saturday<\/a>. \u201cUsing the bulk scan feature of urlscan.io, it became clear these were all sites were running\u00a0outdated and vulnerable versions of Drupal content management system.\u201d<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">This <a href=\"https:\/\/twitter.com\/hashtag\/cryptojacking?src=hash&amp;ref_src=twsrc%5Etfw\">#cryptojacking<\/a> outbreak started at the zoo and quickly spread to 400+ other sites. <a href=\"https:\/\/t.co\/SNRtysBcsi\">https:\/\/t.co\/SNRtysBcsi<\/a><\/p>\n<p>\u2014 Bad Packets Report (@bad_packets) <a href=\"https:\/\/twitter.com\/bad_packets\/status\/993519523826290688?ref_src=twsrc%5Etfw\">May 7, 2018<\/a><\/p>\n<\/blockquote>\n<p>As of Tuesday evening, Mursch said he has found more websites that were targeted by the attack, including\u00a0that of Lenovo, UCLA, and Office of Inspector General of the U.S. Equal Employment Opportunity Commission (a US federal government agency).<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Sheet has been updated with additional sites. It&#8217;s not an exhaustive list and is subject to change as this <a href=\"https:\/\/twitter.com\/hashtag\/cryptojacking?src=hash&amp;ref_src=twsrc%5Etfw\">#cryptojacking<\/a> campaign is still ongoing. <a href=\"https:\/\/t.co\/AwO2oe1znp\">https:\/\/t.co\/AwO2oe1znp<\/a><\/p>\n<p>\u2014 Bad Packets Report (@bad_packets) <a href=\"https:\/\/twitter.com\/bad_packets\/status\/993644561476894721?ref_src=twsrc%5Etfw\">May 8, 2018<\/a><\/p>\n<\/blockquote>\n<p>The cryptominer in question was made by Coinhive, a company that\u00a0offers a Monero JavaScript miner to websites as a nontraditional way to monetize website content.\u00a0Coinhive\u2019s JavaScript miner software is often used by hackers, who secretly embed the code into websites and then mine Monero currency by tapping the CPU processing power of site visitors\u2019 phones, tablets and computers.<\/p>\n<p>\u201cDigging a little deeper into the cryptojacking campaign, I found in both cases that Coinhive was injected via the same method,\u201d Mursch wrote. \u201cThe malicious code was contained in the\u00a0\u2018\/misc\/jquery.once.js?v=1.2\u2019 JavaScript library.\u201d<\/p>\n<p>Mursch said he was notified\u00a0by one of his Twitter followers\u00a0soon after of additional compromised sites using a different payload \u2013 however, all the infected sites pointed to the same domain using the same Coinhive site key. Coinhive\u2019s site key is\u00a0code linked to a unique cryptographic key that delegates who keeps the\u00a0cryptocurrency that is being mined.<\/p>\n<p>That domain used to inject the malware was vuuwd[.]com, according to Mursch. \u201cOnce the code was deobfuscated, the reference to \u2018http:\/\/vuuwd[.]com\/t.js\u2019 was clearly seen. Upon visiting the URL, the ugly truth was revealed. A slightly throttled implementation of Coinhive was found.\u201d<\/p>\n<p>The site key used, meanwhile, was \u201cKNqo4Celu2Z8VWMM0zfRmeJHIl75wMx6.\u201d Mursch said he confirmed the key was still active by checking in Fiddler.<\/p>\n<p>Mursch said that the miner was only slightly throttled so that it had a reduced impact on visitors\u2019 CPUs and would be harder to detect.<\/p>\n<p>Typically, cryptojacking attacks are not throttled and use 100 percent of the target\u2019s CPU. As a result victims can sometimes experience overheating of their phone or computer as their device gets bogged down by an over-taxed processor.<\/p>\n<p>When trying to nail down the owner of vuuwd[.]com, Mursch came across fake data from WHOIS indicating that \u201cit belongs to \u2018X XYZ\u2019 who lives on \u2018joker joker\u2019 street in China,\u201d he explained in a Tweet. However, the email address that was used (goodluck610@foxmail.com) provided a small hint as it was associated with other registered domains.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">While the clearly fake WHOIS data may seem like a dead end, the same email address (goodluck610@foxmail.com) was used to register five other domains. It&#8217;s likely you&#8217;d find malicious activity tied to these as well. One of the domains references less-fake information. <a href=\"https:\/\/t.co\/IEeqXrAKTT\">pic.twitter.com\/IEeqXrAKTT<\/a><\/p>\n<p>\u2014 Bad Packets Report (@bad_packets) <a href=\"https:\/\/twitter.com\/bad_packets\/status\/992539059485528065?ref_src=twsrc%5Etfw\">May 4, 2018<\/a><\/p>\n<\/blockquote>\n<p>The domain name vuuwd[.]com was also used previously in Monero mining operations through mineXMR[.]com, said Mursch: \u201cWhile it\u2019s somewhat unusual they\u2019d switch from a mining pool with a 1% fee to Coinhive, who takes a 30% cut of all mining proceeds, it was the choice they made,\u201d he said.<\/p>\n<p>Drupalgeddon 2.0, which has been patched for over a\u00a0<a href=\"https:\/\/threatpost.com\/drupal-issues-highly-critical-patch-over-1m-sites-vulnerable\/130859\/\">month<\/a>\u00a0now and impacts versions 6,7, and 8 of Drupal\u2019s CMS platform,\u00a0\u201cpotentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised,\u201d according to MITRE\u2019s Common Vulnerabilities and Exposures bulletin back on March 28.<\/p>\n<p>Since Drupal warned in March that over one million sites running Drupal are impacted by the vulnerability, several exploits, botnets and cryptomining malware have cropped\u00a0up \u2013 including\u00a0a recent attack, leveraging the \u201cKitty\u201d <a href=\"https:\/\/threatpost.com\/kitty-cryptomining-malware-cashes-in-on-drupalgeddon-2-0\/131668\/\">cryptomining<\/a> malware, which cashed in on the vulnerable Drupal websites.<\/p>\n<p>Beyond the Kitty malware, \u00a0researchers have found a\u00a0<a href=\"https:\/\/threatpost.com\/muhstik-botnet-exploits-highly-critical-drupal-bug\/131360\/\">botnet<\/a>, dubbed Muhstik, that installs cryptocurrency miners and launches DDoS attacks via compromised systems. More recently, attackers behind a\u00a0<a href=\"https:\/\/threatpost.com\/ransomware-attack-hits-ukrainian-energy-ministry-exploiting-drupalgeddon2\/131373\/\">ransomware attack<\/a>\u00a0hitting the Ukrainian Energy Ministry appear to have made use of the highly critical remote-code execution bug.<\/p>\n<p>\u201cWe\u2019ve seen plenty examples of Drupalgeddon 2 being exploited in the past few weeks,\u201d said Mursch in the report. \u201cThis is yet another case of miscreants compromising outdated and vulnerable Drupal installations on a large scale. If you\u2019re a website operator using Drupal\u2019s content management system, you need to update to the latest available version ASAP.\u201d<\/p>\n<p>Read More <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/28936\/Cryptojacking-Campaign-Exploits-Drupal-Bug.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":324,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[204],"class_list":["post-323","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackerflawcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cryptojacking Campaign Exploits Drupal Bug 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cryptojacking Campaign Exploits Drupal Bug 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-08T13:59:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/cryptojacking-campaign-exploits-drupal-bug.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"700\" \/>\n\t<meta property=\"og:image:height\" content=\"463\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Cryptojacking Campaign Exploits Drupal Bug\",\"datePublished\":\"2018-05-08T13:59:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/\"},\"wordCount\":891,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/cryptojacking-campaign-exploits-drupal-bug.jpg\",\"keywords\":[\"headline,hacker,flaw,cryptography\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/\",\"name\":\"Cryptojacking Campaign Exploits Drupal Bug 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/cryptojacking-campaign-exploits-drupal-bug.jpg\",\"datePublished\":\"2018-05-08T13:59:28+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/cryptojacking-campaign-exploits-drupal-bug.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/cryptojacking-campaign-exploits-drupal-bug.jpg\",\"width\":700,\"height\":463},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cryptojacking-campaign-exploits-drupal-bug\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerflawcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cryptojacking Campaign Exploits Drupal Bug\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cryptojacking Campaign Exploits Drupal Bug 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/","og_locale":"en_US","og_type":"article","og_title":"Cryptojacking Campaign Exploits Drupal Bug 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-08T13:59:28+00:00","og_image":[{"width":700,"height":463,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/cryptojacking-campaign-exploits-drupal-bug.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Cryptojacking Campaign Exploits Drupal Bug","datePublished":"2018-05-08T13:59:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/"},"wordCount":891,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/cryptojacking-campaign-exploits-drupal-bug.jpg","keywords":["headline,hacker,flaw,cryptography"],"articleSection":["Packet Storm"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/","url":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/","name":"Cryptojacking Campaign Exploits Drupal Bug 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/cryptojacking-campaign-exploits-drupal-bug.jpg","datePublished":"2018-05-08T13:59:28+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/cryptojacking-campaign-exploits-drupal-bug.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/cryptojacking-campaign-exploits-drupal-bug.jpg","width":700,"height":463},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/cryptojacking-campaign-exploits-drupal-bug\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,flaw,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflawcryptography\/"},{"@type":"ListItem","position":3,"name":"Cryptojacking Campaign Exploits Drupal Bug"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=323"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/323\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/324"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}