Recently, 360 Security Center discovered that attackers had injected a CryptoMining script into the official Chinese website of RealNetworks, the well-known provider of Internet streaming media. When users open the official RealNetworks website, the script causes high CPU usage, the processor gets hot, and the computer becomes much slower. RealVideo and RealPlayer, both created by RealNetworks, are widely distributed, so the number of users is huge. To avoid becoming a victim, it is recommended to use 360 Total Security to intercept mining pages when surfing the Internet.
Our researcher said that the hacker group injecting the malicious code into websites was found in mid-May this year. This time it was found to have infected RealNetworks, the well-known provider of Internet streaming media.
The mining family uses a vulnerability in Drupal to inject the CryptoMining script into websites. Drupal is a free and open source content-management framework written in the PHP scripting language. Besides RealNetworks, the United Nations, the White House, the US Department of Commerce, the New York Times, Warner, Disney, FedEx, Sony, and Harvard University all use Drupal to build websites. From May until now, nearly 100 websites in China have been compromised. This time the target is RealNetworks, a site with a large number of visits and downloads.
With the great popularity of cryptocurrency, the problem of CryptoMining malware has become more and more serious. According to the “2017 CryptoMining Malware Report” released by 360, the number of cryptominer malware attacks detected in China grew explosively in 2017, exceeding the total for 2013 through 2016 combined. In 2018 as well, dozens of large-scale CryptoMining malware attacks have already occurred.
Reminder
We would like to remind our users that good online habits play an important role in preventing malware attacks. Do not click on unknown links and do not download unidentified software. If the computer is slow and CPU usage is high, please use 360 Total Security to scan the computer.
This attack only injected a CryptoMining script into websites, but the threat is expected to become more serious in the future, as it may use the Drupal vulnerability to create a Trojan which is available online. We recommend that users update their systems and software to the latest versions. Also, to fully protect computers, avoid using weak passwords and use security software to intercept CryptoMining.