Hackers infect official Make-A-Wish site with cryptocurrency mining malware
It seems crypto-jackers have absolutely no ethical standards. After governments, universities, and technology giants, even charitable organizations are finding themselves at the receiving end of cryptocurrency malware. The latest victim is the US-based Make-A-Wish Foundation.
Researchers from security firm Trustwave found that one of the foundation’s websites – worldwisrg – was compromised with cryptocurrency malware known as CoinImp. The malware infects the website with a malicious script to steal visitors’ computing power to covertly mine cryptocurrency.
The researchers note the origin of the malware is likely Make-A-Wish’s decision to use an outdated version of Drupal’s content management system.
Earlier this year, researchers reported hackers had targeted nearly 100,000 Drupal sites as part of a malware campaign that later became popular as “Drupalgeddon 2.” Trustwave suspects the Drupalgeddon hackers might be responsible for the attack on Make-A-Wish too.
According to Trustwave, the mining script has since been removed from the Make-A-Wish website.
Crypto-jacking scripts have become a menace over the past year, infecting websites all across the globe.
Hackers were able to exploit 400 prominent websites using outdated versions of Drupal, including those of the US National Labor Relations Board (NLRB), Chinese tech company Lenovo, Taiwanese network hardware maker D-Link, and the University of California, Los Angeles (UCLA).
It’s not only Drupal sites at risk though. More than 300,000 routers in India and Brazil were found to be infected with cryptocurrency mining malware earlier this year.
A research conducted by McAfee Labs found that more that 2.5 million new cryptojacking scripts were installed just in the second quarter of 2018.
It’s worth pointing out that mining scripts aren’t always planted by hackers. Charities, including Unicef and Changerg, used it on volunteer-basis to raise money for their initiatives — although critics raise doubts on its effectiveness.
If you’re concerned about your computer being unscrupulously used to mine cryptocurrencies, here’s a handy guide on how to stop it.
Google takes on Amazon and Microsoft with new cloud offerings for blockchain devs
Google is slowly gearing up to penetrate the blockchain space. Distributed ledger technology provider Digital Asset announced it has struck a collaboration with the Big G that seeks to bring its “blockchain platform and developer tools” to the Google Cloud Platform.
Digital Asset has effectively created a development kit (to be rolled out at an as yet unknown point in the future) that furnishes cloud customers with the tools to build smart contracts, and test and deploy decentralized applications.
“We are delighted to innovate with Digital Asset in the distributed ledger space [DLT],” said Cloud Platform head of financial services, Leonard Law. “DLT has great potential to benefit customers not just in the financial services industry, but across many industries, and we’re excited to bring these developer tools to Google Cloud.”
The Mountain View giant is still somewhat of a challenger brand in the corporate cloud services game, trailing behind market leaders Amazon and Microsoft. With this in mind, it is no surprise the Alphabet subsidiary is seeking to innovate in the DLT industry, perhaps hedging on the recent uptake in blockchain tech.
Microsoft already offers a suit of blockchain development tools through its cloud service Azure . Likewise, Amazon provides blockchain infrastructure solutions via AWS . It will be interesting to see what Google can add to the mix.
It is worth pointing out that despite labelling the cooperation as an effort in distributed ledger technology, the project will not deliver an entirely decentralized product. But this is not necessarily a bad thing.
Taking a more centralized approach ought to give Google more space to incorporate the benefits of blockchain tech – such as security and transparency – without necessarily sacrificing speed and scalability. This should also make it significantly easier for Cloud Platform users to design and deploy blockchain-powered solutions.
John McAfee has a new business: writing white papers for crappy ICOs
Professional oddball and former antivirus pioneer John McAfee has ventured into an exciting new business opportunity: cranking out white papers for cryptocurrency and blockchain startups that simply lack “ the time or talent” to produce one for their sketchy initial coin offerings (ICO).
The self-proclaimed “crypto visionary” took to Twitter to announce his new service. “My team has created a White Paper production service,” he said.
Details remain scarce, but McAfee says that his service essentially offers “a team of tech writers” capable of fleshing the mad science locked inside the heads of programming talent and putting it on paper.
“ Techies don’t usually tend to be great marketing and tech writing geniuses,” the businessmen said. “That’s why development teams hire ‘tech writers.’ Every one knows this.”
“ Can you imagine what white papers would look like if written by programmers,” McAfee responded, f ending off some of the criticism that individuals lacking the knowledge to churn out a white paper should probably avoid writing one. “ Get fucking real.”
The former antivirus boss has yet to clarify how much the service would cost. “Depends on the amount of work we would have to do,” he commented. “If the development is nearly finished and it’s time to write the white paper then it would be easy.”
“If only a small part of the development is finished, then it would be a serious undertaking,” he continued. “We normally do not work with those.”
One thing we do know, though, is that the new white paper service has no domain for now; and it seems McAfee has no intention of opening one:
We have reached out to ask McAfee about the standard rates and will update this piece accordingly if we hear back.
In the meantime, it might be appropriate to address some concerns with the antivirus-man’s new venture.
While it might be true that not all developers have cultivated the necessary skills to pen a proper white paper, offering a service like this could make the entire cryptocurrency field even more susceptible to scams – and there are too many of these as it is.
The problem with the current blockchain landscape is that many startups base their entire marketing efforts around their white papers. What is particularly troubling is that naive investors often fail to pick up on the technical shortcomings shifty startups detail in their white papers.
Indeed, there have been a series of mishaps with botched blockchain companies and mysteriously disappearing ICOs recently – often after attracting large investments with their “impressive” white papers. McAfee’s new service could exacerbate this harmful trend even further.
In his defense, McAfee has stated that its team will audit the code of all prospective clients before accepting their orders. “ The first step is to determine whether the team even intends to deliver,” he writes. “We’ve solved that now with our extensive background audits.”
“ There is zero chance that a scam could slip by us.”
But then again, this reassurance comes from the same individual who ran an incredibly mischievous weekly rubric, where he recommended a series of crappy altcoins to his followers.
Indeed, one of the cryptocurrencies that McAfee shilled not so long ago – better known as TRON – ultimately turned out to have plagiarized its white paper from competitors .
Do as you wish with your own money: I personally wouldn’t pay a dime to anyone who unironically lauded a parody cryptocurrency for its tech – let alone allow them write a white paper for my startup.
Leave a Comment