New dangerous server mining virus code meows

The new Monero-mining virus which has recently been discovered and described by cybersecurity experts is notable for various reasons. First of all, its dangerousness surpasses the common mining viruses which either pose as independent programs or hijack the resources of the victims’ computers through an infected website.

This particular criminal tool is focused on the servers using the content management system called Drupal. Through various means of self-preservation and replication, this script can return even if the server owner deleted it. As if the servers’ computational power is not enough, the virus infects all websites operated through the breached system - visitors become in danger too.

And, secondly, hackers behind the virus code have left some easter eggs for those who would be able to read it: the code says “me0w, don’t delete pls i am a harmless cute little kitty, me0w”. The malicious script infecting the websites is called Me0w.js.

The script itself is not CoinHive - despite all the popularity of the latter, hackers chose to use Kkworker, a program based on the popular Xmirg miner. Previous mining viruses described on Bitnewstoday were mostly revolving around CoinHive in various forms, infecting all from regular PCs to Android TV devices.

Image courtesy of Trilulilu