Malicious Website Cryptominers from GitHub. Part 2.

less than 1 minute read

Malicious Website Cryptominers from GitHub. Part 2.<p>Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack that also used GitHub for serving malicious code.</p>

Encrypted CoinHive Miner in Header.php

The following encrypted malware was found in the header.php file of the active WordPress theme:

There are four lines of code in total. Each, when decoded, plays a different role.

CoinHive Injections

When decoded, the last two lines inject typical CoinHive cryptocurrency miners:

The miner is only shown conditionally, so bots are excluded and only human visitors will receive it.

Continue reading Malicious Website Cryptominers from GitHub. Part 2. at Sucuri Blog.

Spotlight on Women in Cybersecurity

less than 1 minute read

Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into workin...

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...