SANS ISC

[SANS ISC] Cryptominer Delivered Though Compromized JavaScript File

Malware, SANS Internet Storm Center, Security One comment

I published the following diary on isc.sans.org: “Cryptominer Delivered Though Compromized JavaScript File“:

Yesterday I found an interesting compromised JavaScript file that contains extra code to perform crypto mining activities. It started with a customer’s IDS alerts on the following URL:

hxxp://safeyourhealth[.]ru/wp-content/themes/wp-trustme/js/jquery.prettyphoto.js

This website is not referenced as malicious and the domain looks clean. When you point your browser to the site, it loads the JavaScript file. So, I performed some investigations on this URL. jquery.prettyphoto.js is a file from the package pretty photo[1] but the one hosted on safeyourhealth[.]ru was modified… [Read more]

One comment

  1. Pingback: [SANS ISC] Cryptominer Delivered Though Compromized JavaScript File | Atlantic Tagmata AI Security Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.