The first 15 sites in the list of targets in this campaign are using vBulletin 4.2.2. The Monero key being used in the malware: $172 USD so theyve made around $48 USD. This seems to make it extremely likely that a vulnerability in the software is being used to add the mining code. This is yet another reason that you should always keep your software up to date, especially when it is internet exposed. So thanks again to @bad_packets for doing a lot of the leg work on uncovering this data.”]
Source: https://laskowski-tech.com/2018/04/08/crypto-jacking-targeting-vbulletin-4-2-x-forums/