Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.cryptominer.2

Description: Website contains an encrypted CoinHive JavaScript miner library, which usually means that it's used without webmaster's consent.

The script can be injected into legitimate JavaScript files and look like this:

eval(​function(p,a,c​,k,e,d){e=function(c){return(c<a?'':e(​parseInt(c/a)))+((c=c​%a)
...skipped...
status|case|read|outIdx|​CoinHive​|NODEFS|subarray|SYSCALLS|open|window|hash|target|job|push|file|usedBytes|current|assert|not|IDBFS
...skipped...
providedBuffer|createLazyFile|​CRYPTONIGHT_​WORKER_BLOB|newDir|addrp|oldNode
...skipped...
Exchange|full|unexpected|anode|​EXFULL|Directory'.split('​|'),0,{​}))



Affecting: Any web site (no specific target).

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb