Categories
Security

RawGit CDN is Abused by CryptoLoot Cryptominers

Recently, we came across another way to use files from GitHub repositories in malware infections.

This time the infections weren’t via GitHub.io, raw.githubusercontent.com, or github.com///raw/ URLs. The new trick involved a third-party service called RawGit that provides a CDN for GitHub files.

This is the script that we found injected into .js and theme files on infected Drupal and WordPress sites.

Some of the infections were clearly buggy.

Continue reading RawGit CDN is Abused by CryptoLoot Cryptominers at Sucuri Blog.

CoinImp Cryptominer and Fully Qualified Domain Names

We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period).

E.g. “www.example.com”, where “www” is a subdomain, “example” is a second level domain, and “com” is a top level domain.

However, very few people know that there is also a DNS root domain, and that it can also be specified in fully qualified domain names.

Continue reading CoinImp Cryptominer and Fully Qualified Domain Names at Sucuri Blog.

New Guide on How to Clean a Hacked Website

Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research website vulnerabilities and who are eager to share with you some tips on how to clean your hacked website.

We are happy to help the community learn the steps they can follow to get rid of a website hack.

You can find all our guides to website security in a section of our website dedicated to providing concise and comprehensive tips on different areas of website security.

Continue reading New Guide on How to Clean a Hacked Website at Sucuri Blog.

Cryptominers on Hacked Sites – Part 2

Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised sites without the consent of the website owners.

We reviewed two types of infections that affected WordPress and Magento sites, and have been monitoring the malicious use of the CoinHive cryptominer. What we are discovering is that there are more and more attacks in the wild using cryptominers, affecting all major CMS platforms.

Continue reading Cryptominers on Hacked Sites – Part 2 at Sucuri Blog.