According to Palo Alto Networks specialists, malicious activity was detected on some sites with the highest traffic. According to the results of
Alexa is an online service that evaluates and ranks sites depending on their popularity, traffic and other factors.
According to Palo Alto Networks specialists, malicious activity such as cryptominers and skimmers was detected on some of the sites with the highest traffic. The problem affects the following domains: libero[.]it (a number of Italian sites offering various services, including e-mail, a search engine, a news portal, etc.), pojoksatu[.]id (Indonesian news resource), www[.]heureka[.]cz (the largest e-commerce platform in Central and Eastern Europe) and zoombangla[.]com (Bangladeshi news resource).
According to the Palo Alto Networks report, there are currently two sites that still serve miners: the Coinhive script coinhive.min.js and JSEcoin. Users are affected when they visit a site infected with a miner: their CPU usage increases significantly.
The researchers also found several cases of malicious links being injected into advertisements on popular sites. In particular, on a used car sales site at libero.it, they found ads with links redirecting users to a malicious site that infects users' systems with the JSEcoin script.
Although JSEcoin scripts still work, cybercriminals can no longer receive the cryptocurrency they mine because the service was shut down in April this year.
Online skimmers are used in so-called Magecart attacks and intercept bank card data that users enter in their browsers. The researchers noticed that the code of online-store websites on heureka.cz selling various products contains links that load obfuscated skimming scripts. This means that attackers can load scripts into the page while hiding them behind redirection pages placed on the compromised domain.
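For site owners who want to check their own pages for the two problems described above (miner scripts and script links pointing at unexpected hosts), the following is an added example, not code from the Palo Alto Networks report. It assumes a host allowlist supplied by the site owner; the function names, the sample page and every `.example` hostname are constructed for illustration, and only the markers `coinhive.min.js` and `jsecoin` come from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Script names taken from the article; matched case-insensitively in the URL.
MINER_MARKERS = ("coinhive.min.js", "jsecoin")

class ScriptCollector(HTMLParser):
    """Collects (src, has_integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.scripts.append((a["src"].strip(), bool(a.get("integrity"))))

def audit_scripts(html, page_url, allowed_hosts=()):
    """Return findings as (reason, absolute_script_url) tuples."""
    page_host = urlparse(page_url).hostname
    trusted = {page_host, *allowed_hosts}
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, has_integrity in collector.scripts:
        url = urljoin(page_url, src)
        host = urlparse(url).hostname
        if any(m in url.lower() for m in MINER_MARKERS):
            findings.append(("miner-script", url))      # known miner name in the URL
        elif host not in trusted:
            findings.append(("unlisted-host", url))     # host the owner never approved
        elif host != page_host and not has_integrity:
            findings.append(("no-sri", url))            # approved third party, unpinned
    return findings

# Constructed sample page; all hostnames are placeholders (.example).
SAMPLE = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.shop.example/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.shop.example/cart.js"></script>
<script src="//ads.example/lib/CoinHive.min.js"></script>
<script src="https://redirect.example/r?id=1"></script>
</head></html>
"""

if __name__ == "__main__":
    for reason, url in audit_scripts(SAMPLE, "https://shop.example/", ["cdn.shop.example"]):
        print(f"{reason:14} {url}")
```

Name matching only catches scripts served under their well-known names; the host allowlist is what surfaces an obfuscated skimmer loaded through a redirect page, and it only sees scripts present in the served HTML, not ones injected at run time.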