Cryptominer injection into RealNetworks website via Drupal vulnerability [360totalsecurity]
by CIRT Team
Recently, 360 Security Center discovered that attackers had injected a cryptomining script into the official Chinese website of RealNetworks, the well-known provider of Internet streaming media. When users open the RealNetworks website, the script causes high CPU usage: the processor heats up and the computer becomes much slower. RealVideo and RealPlayer, created by RealNetworks, are widely used, so the number of users is huge. To avoid becoming a victim, it is recommended to use 360 Total Security to intercept mining pages when surfing the Internet.
According to our researcher, the hacker group that injects the malicious code into websites was found in mid-May this year. This time it was discovered to have infected RealNetworks, the well-known provider of Internet streaming media.
The mining family uses a vulnerability in Drupal to inject the cryptomining script into websites. Drupal is a free and open-source content-management framework written in PHP. Besides RealNetworks, the United Nations, the White House, the US Department of Commerce, the New York Times, Warner, Disney, FedEx, Sony, and Harvard University all use Drupal to build their websites. Since May, nearly 100 websites in China have been compromised. This time, the target is RealNetworks, whose site has a large number of visits and downloads.