SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware.cryptominer.2

malware.cryptominer.2

Description:
Website contains an encrypted CoinHive JavaScript miner library, which usually means that it's used without webmaster's consent.

The script can be injected into legitimate JavaScript files and look like this:

eval(​function(p,a,c​,k,e,d){e=function(c){return(c<a?'':e(​parseInt(c/a)))+((c=c​%a)
...skipped...
status|case|read|outIdx|​CoinHive​|NODEFS|subarray|SYSCALLS|open|window|hash|target|job|push|file|usedBytes|current|assert|not|IDBFS
...skipped...
providedBuffer|createLazyFile|​CRYPTONIGHT_​WORKER_BLOB|newDir|addrp|oldNode
...skipped...
Exchange|full|unexpected|anode|​EXFULL|Directory'.split('​|'),0,{​}))

Affecting: Any web site (no specific target).