The Drupal vulnerability (CVE-2018-7600), dubbed Drupalgeddon2, has been exploited in the wild to deliver malware backdoors and cryptocurrency miners. Site admins were highly recommended to patch the issue by updating their CMS to Drupal 7.58 or Drupal 8.5.1 as soon as possible. The SANS Internet Storm Center spotted some attacks to deliver a cryptocurrency miner, a PHP backdoor, and an IRC bot written in Perl. In its advisory, Drupal warned that “sites not patched by Wednesday, 2018-04-11 may be compromised”
Source: https://thehackernews.com/2018/04/drupal-cryptocurrency-hacking.html