Security experts have issued an alert about a threatening vulnerability that was uncovered in the CSM platform of Drupa, which is abused by criminals to launch DDoS attacks and install cryptocurrency miners. Analysis of the attacks has concluded that one of the threats that are using this bug is the Muhstik Botnet that by accessing a URL injects the exploiting code, which permits that the attackers perform commands on the servers that execute Drupal. Drupal is aware of the bug and released a patch for it in March. However, more than one million of the sites that run Drupal were affected. The Muhstik Botnet can install two other threats on the infected computer, which will help with the cryptocurrency mining: CGMiner and XMRig. Security researchers also warn that the Muhstik Botnet also can be exploiting vulnerabilities in different server programs.
The only way Drupal users can avoid infection with the Muhstik Botnet is by applying the available patch by updating their software to versions 7.58 05 8.5.1 immediately. Also, the presence of an updated malware scanner can prevent the invasion of threats like the Muhstik Botnet and keep the machine and its users safe.