Cookie consent script contains monero miner

A cookie consent popup tool was loaded with malicious code to mine Monero.
  • A free script for helping website owners show EU cookie consent popups is maliciously deploying a cryptocurrency miner on websites that implement it.
  • One of their cookie consent scripts contained the Crypto-Loot in-browser Monero miner.
  • Security researcher Willem de Groot first found the miner on the website of Albert Heijn, the largest Dutch supermarket chain.
  • A closer inspection of the site’s JavaScript files revealed that a “cookiescript.min.js” file loaded from cookiescript.info was causing the infection. This was registered to the Cookie Consent service.
  • The Cookie Consent administrators appear to have noticed the miner and have since issued a clean alternative file.
  • Despite this, the website itself continues to deliver an older version of its own script and the WordPress plugin still loads the miner.
  • Website administrators who downloaded the files for local hosting are not affected.
  • De Groot says he discovered at least 243 websites deploying the malicious miner.
  • Just last week, he published similar research detailing the discovery of Coinhive mining scripts on 2,496 webstores. Most had been hacked, with 80% also hosting credit card stealing malware on their checkout pages.
  • In a report issued Monday, Check Point ranked Coinhive as the sixth most used malware strain for the month of October. Last week, Malwarebytes said it blocked almost 8 million Coinhive domain requests per day on average.

So you Think Shes Cheating on You - Put Your Mind at Rest With FlexiSPY (728x90)

Be the first to comment

Leave a Reply

Your email address will not be published.


*