Trump’s campaign site suffered from defacement with Monero request for a short time

Donald Trump’s campaign site briefly reported that visitors could or could not get sensitive information about the US president public by sending Monero cryptocurrencies to wallets.

The defacement revealed a report that the page on donaldjtrump.com had been “confiscated” and that the “world had had enough of the fake news” that the president would spread daily. The criminals claimed to be in possession of sensitive information about Trump and his loved ones, including evidence that the Trump administration was implicated in the origin of the coronavirus.

The criminals called on visitors to donate Monero. They gave two choices with two wallets: donations to one to release the data and donations to the other to not. They promised to compare the results and carry out the “will of the world.” The defacement lasted half an hour, after which the site was repaired.

It is not known how the criminals managed to deface the site. Security company WordFence believes it is most likely that they managed to enter the content management system via stolen login details. The site uses the Expression Engine cms. The login panel was not in the default /admin.php position since 2015, but the malicious parties may have managed to find out the location. The site uses Cloudflare as its content delivery network, which hides the IP address of the hosting server.