The new Kitty malware doesn't purr, but it seems to do about everything else.
The target is one of the world's most popular content management systems, Drupal, which recently revealed RCE vulnerabilities.
Researchers at Imperva Incapsula say an attacker is taking advantage of this Drupal vulnerability by infecting unpatched versions of the CMS, then using your organization's computing power to mine crypto currency.
That is just for starters.
"Gaining a single, strong mining server is great. The attacker, however, has much bigger plans—distributing the mining effort to the web app visitors," say researchers.
And that's exactly what happens
"They then scan for all JavaScript files on the server and, once found, inject the same malicious me0w.js."
And if your role in cybersecurity is to find and eradicate malware from the network, well, consider the special message hackers have for you in this line of code:
me0w
don't delete, pls I am a harmless cute little kitty
me0w
You wouldn't kick a cute little kitty out of your network or off your website, now would you?
Well, you might, after reading the blog post about how bad this kitty has been!