Popular sites are infected with skimmers and cryptominers

According to research by Palo Alto Networks specialists, a large number of popular sites from the Alexa top 10,000 ranking are infected with cryptocurrency miners and skimmers (scripts that steal bank card data).

Alexa is an online service that evaluates and ranks sites depending on their popularity, traffic and other factors.

Palo Alto Networks specialists detected malicious activity, such as cryptominers and skimmers, on some of the sites with the highest traffic. The problem affects the following domains: libero[.]it (a number of Italian sites offering various services, including e-mail, a search engine, a news portal, etc.), pojoksatu[.]id (an Indonesian news resource), www[.]heureka[.]cz (the largest e-commerce platform in Central and Eastern Europe) and zoombangla[.]com (a Bangladeshi news resource).

At one time, the legitimate Coinhive service provided JavaScript cryptocurrency miners capable of generating Monero directly in the browser. The script could control CPU usage and the number of threads created for mining. However, Coinhive was closed due to cybercriminal abuse.

According to the Palo Alto Networks report, there are currently two sites that still serve the Coinhive miner – coinhive.min.js and JSEcoin. Users are affected when they land on a site infected with the miner: their CPU usage increases significantly.

The researchers also found several cases of malicious links being injected into advertisements on popular sites. In particular, on a used car sales site at libero[.]it, ads were found with links redirecting users to a malicious site that infects users' systems with the JSEcoin script.

Although JSEcoin scripts still work, cybercriminals can no longer receive the cryptocurrency they generate because the service was shut down in April this year.
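
One way a site owner could audit their own pages for the miner scripts named above, as an added example that is not code from the Palo Alto Networks report. The substring indicators, the CoinHive constructor names and the `.test` hosts in the sample page are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# The names Coinhive (coinhive.min.js) and JSEcoin come from the article; matching
# them as lowercase substrings, and the CoinHive constructor names, are assumptions.
SRC_HINTS = ("coinhive", "jsecoin")
INLINE_HINTS = ("coinhive.anonymous", "coinhive.user", "jsecoin")

class ScriptAudit(HTMLParser):
    """Collects <script> elements whose source URL or body references a known miner."""
    def __init__(self):
        super().__init__()
        self.findings = []      # list of (kind, detail) tuples
        self._inline = None     # buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is None:
            self._inline = []   # inline script: start buffering its body
            return
        url = urlparse(src)     # also handles protocol-relative //host/path
        target = ((url.hostname or "") + url.path).lower()
        if any(hint in target for hint in SRC_HINTS):
            self.findings.append(("external", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).lower()
            hits = sorted(h for h in INLINE_HINTS if h in body)
            if hits:
                self.findings.append(("inline", ",".join(hits)))
            self._inline = None

def audit(html):
    """Return miner-related findings for one HTML document, in page order."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not from the report); hosts use the reserved .test TLD.
SAMPLE = """<html><head>
<script src="/static/jquery.min.js"></script>
<script src="//cdn.miner.test/lib/coinhive.min.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY', {throttle: 0.3}); m.start();</script>
<script src="https://load.jsecoin.test/load/1/site/0/0/"></script>
</head><body><p>news</p></body></html>"""
```

Calling `audit(SAMPLE)` returns the two external references and the inline miner start-up; a hit on a page you operate is a reason to check how that tag got there (template, ad slot or third-party include).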

Online skimmers are used in so-called Magecart attacks and intercept bank card data that users enter in their browsers. The researchers noticed that the code of online store websites on heureka[.]cz, which sell various products, contains links that download obfuscated skimming scripts. This means that attackers can load scripts into the page while hiding them behind redirection pages placed on the compromised domain.

