Per the report, the CoinImp script infected the website through the drupalupdates.tk domain, which is associated with another campaign that exploited a critical Drupal vulnerability to compromise websites since May 2018.
The researchers noted that the recently detected campaign deployed a number of techniques to evade detection, including alterations of its already obfuscated domain name, as well as different domains and IPs in a WebSocket proxy.
Trustwave reportedly contacted Make-A-Wish in order to report the cryptojacking attack, but the foundation did not respond. However, the malicious injected script was eventually removed shortly after Trustwave attempted to reach the foundation, according to the report.
According to data acquired by Bloomberg, scales of cryptocurrency mining attacks have surged up to 500 percent in 2018. Recently, Internet security provider and research lab McAfee Labs uncovered a new Monero-mining malware called WebCobra that allegedly originates from Russia.
Earlier in November, Japanese global cybersecurity company Trend Micro detected a new strain of crypto-mining malware targeting PCs running Linux.