Make-A-Wish Website Visitors Compromised by Crypto Mining Malware

During the season of giving, visitors of a non-profit organization had been giving away their computing power to mine cryptocurrencies without permission, a technology security group recently found.

Trustwave detected a cryptojacking malware on the official website of Make-A-Wish Foundation. This malicious software used the visitors’ units to illicitly mine cryptos, mostly coins on networks that can be mined competitively using only CPUs.

Make-A-Wish Foundation is an Arizona-based non-profit organization that grants the wish of selected children with serious illnesses or terminal diseases.

Meanwhile, Simon Kenin, a security researcher at Trustwave, explained that the mining software embedded on the website is called CoinIMP, a JavaScript miner built to mine privacy-focused crypto Monero (XMR), among others.

He added that a malicious third party, not the Make-A-Wish Foundation, added the illegal miner to the website.

Shortly after Trustwave unsuccessfully reached out to Make-A-Wish, the CoinIMP miner was removed from the website.

Cryptojacking has been prevalent in the past months after the entire crypto sector became more popular and more valuable. A study from the Cyber Threat Alliance released last September found that the number of illegal crypto miners found increased by 459 percent in between 2017 and 2018.

| Related: Cryptojacking Incidents Skyrocketed in H1 2018, Says Security Report