Saturday, July 21, 2018
  • 2018 Popular SIEM Starter Use Cases
  • Threat Hunting for Suspicious Registry and System File Changes
  • Threat Hunting for DDoS Activity and Geographic Irregularities
  • The Current Job Outlook for Threat Hunters
  • Is AWS Lambda the Most Secure Application Platform? Probably.

Security Boulevard

The home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
  • Community
    • Security Bloggers Network
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chats
  • CISO Conversations
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
Data Security Digital Currency Malware Security Bloggers Network 

Home » Cybersecurity » Data Security » Kitty malware gets its claws into Drupal websites to mine Monero

Kitty malware gets its claws into Drupal websites to mine Monero

by Graham Cluley on May 3, 2018

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family.

Security researchers at Incapsula report that Kitty is attempting to hijack servers using the highly critical Drupalgeddon 2.0 remote code execution exploit (CVE-2018-7600), which was made public at the end of March and exists in many versions of of Drupal 7.x and 8.x.

As the researchers explain, Kitty is unusual because of how it distributes its Monero cryptocurrency-mining code. It compromises internal networks and web application servers as well as hijacks the browsers of visiting web visitors.

Kitty avails itself of open-source mining code to take advantage of visiting browsers, installs a backdoor on infected systems, and contains an automatic updating routine that allows remote hackers to easily push out updates.

The malware is commanded by a mining script named me0w.js.

Embedded within the malware is a message that continues the feline theme:

me0w, don’t delete pls i am a harmless cute little kitty, me0w

Last month, the Kitty malware was discovered targeting web servers running vulnerable versions of the vBulletin CMS. In that case, the attack exploited a vulnerability to embed malicious code posing as a script to load fonts into websites.

That attack, and this latest involving Drupal, underlines the importance of properly maintaining website content management systems with tight security and regular automated updates.

Drupal has warned that it’s not enough to simply update your CMS on affected web servers, as that won’t remove any backdoors that may have been put in place by attackers or fix any unauthorised modifications that have been made to a site. For this reason, it’s a good idea to update Drupal as soon as possible and *then* explore whether the site was compromised (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/kitty-malware-gets-its-claws-into-drupal-websites-to-mine-monero/

May 3, 2018May 3, 2018 Graham Cluley cryptomining, Drupal, Featured Articles, IT Security and Data Protection, Malware
  • ← ProtonMail warns all users to beware of phishing scam
  • 6 Steps to Quickly Defang Reported Phishing Emails →
Featured Blog

2 days ago

Why Drupalgeddon 2.0 May Still Be A Threat To Your Website

4 days ago

3 Essential Steps for Your Vulnerability Remediation Process

1 week ago

Best Practices for Open Source Governance

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

VPNFilter Attack Hits Chlorine Plant in Ukraine
Cybersecurity Job Seekers: Go West (or South)
We Have the Silver Bullet for BS Detection – CISO/Security Vendor Relationship Podcast
Cyberespionage Campaign in Ukraine Uses Free and Custom RATs
Exposed: Exactis’ Database of 340 Million Consumer Records
Survey Finds Breach Discovery Takes an Average 197 Days
Pentester Academy Command Injection ISO: SugarCRM 6.3.1 Exploitation
5 ways to find and fix open source vulnerabilities
Monday, July 16: Dtex, Insider Threat News: Privileged User Dents Apple Self-Driving Car Program; DOJ Says Russia Hacked Clinton Campaign, Issues Indictments Against Spies
Analyzing Oracle Security – Oracle Critical Patch Update for July 2018

Upcoming Webinars

Tue 24

DevOps Security: Build-Time Identification of Security Issues — A case study with Jenkins, Docker, and AWS

July 24 @ 11:00 am - 12:00 pm
Thu 26

Draft and Develop: A Solution to the Cyber Security Skills Shortage

July 26 @ 11:00 am - 12:00 pm
Tue 31

Mastering Machine Learning for Security Professionals: A Discussion

July 31 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

The State of Security RSA Special Report

CISO Conversations

CISO/Security Vendor Relationship Podcast

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Key Traits Employers Seek from Information Security Professionals
Careers Cybersecurity Industry Spotlight Security Boulevard (Original) 

Key Traits Employers Seek from Information Security Professionals

July 20, 2018 Jane Thomson | Yesterday 0
It’s Time to Rethink Privileged Account Management
Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

It’s Time to Rethink Privileged Account Management

July 18, 2018 Mark Klinchin | 2 days ago 0
Control, Defend and Extend Container Security
Cybersecurity DevOps Industry Spotlight Security Boulevard (Original) 

Control, Defend and Extend Container Security

July 10, 2018 Kirsten Newcomer | Jul 10 0

Top Stories

Barracuda Networks Extends WAF Reach to Google Cloud Platform
Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

Barracuda Networks Extends WAF Reach to Google Cloud Platform

July 20, 2018 Michael Vizard | Yesterday 0
Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password
Featured Identity & Access Network Security News Security Boulevard (Original) Spotlight Vulnerabilities 

Cisco’s Latest Patches Address Critical Flaws, Hardcoded Password

July 20, 2018 Lucian Constantin | Yesterday 0
McAfee to Advance Cybersecurity AI via the Cloud
Analytics & Intelligence Cybersecurity Featured News Security Boulevard (Original) Spotlight 

McAfee to Advance Cybersecurity AI via the Cloud

July 19, 2018 Michael Vizard | 1 day ago 0

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2018 Mediaops Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.