Security researchers recently analyzed various spam campaigns and discovered a new one related to Bitcoin cryptocurrency that is impacting a lot of websites. For the past months, Bitcoin gained a lot of attention and reached high price levels, followed by various fluctuations. The process of mining consists of verifying other Bitcoin transactions, which users are rewarded for, and is supposed to keep transactions safe and secure.

How the infection is spread

During this spam campaign, online criminals try to inject a malicious script into different WordPress, Joomla, and jBoss legitimate websites. They do this by hiding the unwanted script on the embed site with the main purpose to create a binary file. With the help of this binary file, hackers will misuse the PC’s CPU to access users’ computers to mine Bitcoin. Basically, when visitors access a website that hosts the malicious script, their PC’s CPU is used to mine Bitcoin currency for cyber attackers. It will also collect information from the Bitcoin wallet which has been installed on the compromised machine. Here is how the malicious script is injected with a reference to the following site (sanitized for your own protection) http: // online-game-18 [.] xyz /? c = 41-149-20180219062557833d27348 & pst = 2 & key = [uniktID] The package file provided to the potential victims looks like a game for adults named “The # 1 Adult Game – Free to Play” and containing an executable filename “setup_sex_game.exe” The binary package is digitally certified by Comodo with the following details: Status Valid Issuer COMODO RSA Code Signing CA Valid from 1:00 AM 2/15/2018 to 12:59 AM 2/16/2019 Valid Use Code Signing Algorithm sha256RSA Thumbprint 9FB7FD71BB7DA9C256E872CB56E3808E811990BB Serial number 66 CA 14 17 72 9E 0A BB D8 F9 80 08 A3 97 4B B4 The above domain is hosted on this server (sanitized for your own protection) 212.224.118 [.] 40. Security researchers discovered that it’s the same server linked with other Bitcoin mining domains, including the same offer of a free game. Here’s a list of malicious domains: action8 [.] xyz biggame1 [.] xyz updflash [.] xyz Best-game [.] xyz game18plus [.] xyz need action [.] xyz Win32 flash [.] xyz update-flash [.] xyz Update Flash Player [.] xyz Heimdal Security proactively blocked all infected sites, so all Heimdal™ Threat Prevention and Endpoint Security Suite users are protected. According to VirusTotal, only 16 antivirus engines out of 68 managed to detect the binary package file at the time we write this article. VirusTotal Bitcoin miner

How to protect yourself against malicious script injections

The main issue with the Bitcoin Mining malware is that it acts like a fileless malware and usually go undetected by traditional antivirus products. Injecting a malicious script, hackers can redirect users to a compromised site and steal users’ sensitive data. This is why we strongly recommend users to:

  • Apply all the updates available for your apps (especially the most vulnerable ones: Flash and Java, browsers), software programs and system. Do NOT postpone and neglect to keep your system fully patched. Keeping OS up to date is the best thing users can do for their safety.
  • Be very careful when clicking on suspicious links or websites and always check if the web page’s URL is genuine;
  • Make sure you access sites that use a security certificate or HTTPS to avoid malware infection;
  • Install a reliable antivirus program installed on your computer to protect your valuable data from online threats;
  • Consider adding multiple layers of protection and use also  proactive cybersecurity software solution;
  • Probably one of the best security measure everyone can use is to learn how to easily detect various online threats. We recommend reading these free educational resources to gain more knowledge in the cybersecurity industry.
*This article features cyber intelligence provided by CSIS Security Group researchers.

Cryptocurrency Security: How to Safely Invest in Digital Currency

JavaScript Malware – a Growing Trend Explained for Everyday Users

How Malicious Websites Infect You in Unexpected Ways


An outstanding share! I have just forwarded this onto a coworker who has been conducting a little research on this. And he in fact ordered me lunch due to the fact that I found it for him… lol. So allow me to reword this…. Thanks for the meal!! But yeah, thanx for spending the time to talk about this matter here on your website.|

Hi, after reading this remarkable piece of writing i am too delighted to share my experience here with mates.|

If some one needs to be updated with most up-to-date technologies afterward he must be pay a visit this web page and be up to date daily.| on December 6, 2018 at 5:36 pm

When it comes to malware mining, detection, vulnerability analysis, PEN tests, Network security, IoT, location services, crypto investigative services. I have used this service for work and also personal issues. This team provides the best in online forensics and can help you get almost anything done. Since they are now commercial i thought i should share with you guys too. You can mail the username above

Privileged to read this informative blog on Blockchain. Commendable efforts to put on research the data. Please enlighten us with regular updates on Blockchain. Friends if you’re keen to know more about Blockchain you can watch this amazing AI tutorial on the same.

very nice article keep posting. If you get any updates regarding cyber <a then join with us at Indian Cyber Army news

Leave a Reply

Your email address will not be published. Required fields are marked *