Wednesday, June 18, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Digital Currency Malware Security Bloggers Network 

Home » Cybersecurity » Data Security » Kitty malware gets its claws into Drupal websites to mine Monero

SBN

Kitty malware gets its claws into Drupal websites to mine Monero

by Graham Cluley on May 3, 2018

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family.

Security researchers at Incapsula report that Kitty is attempting to hijack servers using the highly critical Drupalgeddon 2.0 remote code execution exploit (CVE-2018-7600), which was made public at the end of March and exists in many versions of of Drupal 7.x and 8.x.

Techstrong Gang Youtube
AWS Hub

As the researchers explain, Kitty is unusual because of how it distributes its Monero cryptocurrency-mining code. It compromises internal networks and web application servers as well as hijacks the browsers of visiting web visitors.

Kitty avails itself of open-source mining code to take advantage of visiting browsers, installs a backdoor on infected systems, and contains an automatic updating routine that allows remote hackers to easily push out updates.

The malware is commanded by a mining script named me0w.js.

Embedded within the malware is a message that continues the feline theme:

me0w, don’t delete pls i am a harmless cute little kitty, me0w

Last month, the Kitty malware was discovered targeting web servers running vulnerable versions of the vBulletin CMS. In that case, the attack exploited a vulnerability to embed malicious code posing as a script to load fonts into websites.

That attack, and this latest involving Drupal, underlines the importance of properly maintaining website content management systems with tight security and regular automated updates.

Drupal has warned that it’s not enough to simply update your CMS on affected web servers, as that won’t remove any backdoors that may have been put in place by attackers or fix any unauthorised modifications that have been made to a site. For this reason, it’s a good idea to update Drupal as soon as possible and *then* explore whether the site was compromised (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/kitty-malware-gets-its-claws-into-drupal-websites-to-mine-monero/

May 3, 2018May 3, 2018 Graham Cluley cryptomining, Drupal, Featured Articles, IT Security and Data Protection, Malware
  • ← ProtonMail warns all users to beware of phishing scam
  • 6 Steps to Quickly Defang Reported Phishing Emails →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Events

Upcoming Webinars

How to Spot and Stop Security Risks From Unmanaged AI Tools

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

Meta AI is a ‘Privacy Disaster’ — OK Boomer
Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks
Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage
Hacktivists Strike Within Minutes of Israel Missile Attacks on Iran Nuclear Sites 
Washington Post Journalists’ Microsoft Email Accounts Hacked
DNS Rebind Protection Revisited
News alert: Arsen launches AI-powered vishing simulation to help combat voice phishing at scale
Shadow AI: Examples, Risks, and 8 Ways to Mitigate Them
Guardrails Breached: The New Reality of GenAI-Driven Attacks
OAuth 2.0 Security Best Practices: How to Secure OAuth Tokens & Why Use PKCE

Industry Spotlight

Novel TokenBreak Attack Method Can Bypass LLM Security Features
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Vulnerabilities 

Novel TokenBreak Attack Method Can Bypass LLM Security Features

June 17, 2025 Jeffrey Burt | Yesterday 0
Washington Post Journalists’ Microsoft Email Accounts Hacked
Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches 

Washington Post Journalists’ Microsoft Email Accounts Hacked

June 16, 2025 Jeffrey Burt | 1 day ago 0
Meta AI is a ‘Privacy Disaster’ — OK Boomer
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy DevOps Featured Governance, Risk & Compliance Humor Industry Spotlight Mobile Security Most Read This Week News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches 

Meta AI is a ‘Privacy Disaster’ — OK Boomer

June 13, 2025 Richi Jennings | 4 days ago 0

Top Stories

U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence 

U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam

June 17, 2025 Jeffrey Burt | Yesterday 0
Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Malware Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Vulnerabilities 

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks

June 13, 2025 Jeffrey Burt | 4 days ago 0
Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?
Analytics & Intelligence Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Most Read This Week Network Security News Popular Post Ransomware Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Huge Food Wholesaler Paralyzed by Hack — is it Scattered Spider Again?

June 10, 2025 Richi Jennings | Jun 10 0

Security Humor

Randall Munroe’s XKCD ‘Alert Sound’

Randall Munroe’s XKCD ‘Alert Sound’

Download Free eBook

Managing the AppSec Toolstack

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×