The developers of the Ghost blogging platform have spent the past 24 hours fighting a cryptocurrency mining malware attack.
In a status update on May 3, the developers announced that the attack occurred around 1:30 a.m. UTC. They successfully implemented a solution within four hours and are continuing to monitor the results.
No sensitive user data compromised
Yesterday’s incident occurred when an attacker targeted the back-end infrastructure of Ghost’s “Salt” server, using an authentication bypass (CVE-2020-11651) and a directory traversal (CVE-2020-11652) to take control of the master server.
Ghost developers said that users’ credit card information is not affected, and they have assured the public that no plain-text credentials are stored. They were made aware of the incident when the hackers tried to mine cryptocurrency on the platform’s servers:
“The mining attempt increased CPU usage and quickly overloaded most of our systems, which immediately made us aware of the problem.”
In an update released within the last hour, the Ghost team announced that all traces of the crypto mining virus have been completely removed. They continue to “clean and rebuild” the entire network and, as a precaution, appear to be going through all sessions, passwords, and keys of all affected services on the platform.
An audit of the incident will be released later this week.
Crypto mining malware, also known as “cryptojacking”
As Cointelegraph has previously reported, cryptocurrency mining malware – sometimes referred to as “cryptojacking” – has become increasingly common in recent years.
These stealthy attacks try to install malware that uses the processing power of a target computer to mine cryptocurrencies without the owner’s consent or knowledge. As with Ghost, heavy load on the CPU can be a telltale signal, although many attacks have gone undetected for long periods of time.
Last month, Guardicore Labs, an international group of hackers and cybersecurity experts, announced that up to 50,000 servers around the world were infected with advanced cryptojacking malware that was mining a privacy-focused altcoin, Turtlecoin (TRTL).
The privacy-focused coin Monero (XMR) has been particularly common in cryptojacking campaigns. In mid-2018, researchers reported that around 5% of the altcoin in circulation had been created through stealth mining.