29 Oct, 2017

Compromising Websites for BitCoin Mining

Learn how hackers can compromise websites for bitcoin mining and how Quttera can help you detect and remove malware from your site.
Bitcoin is a digital currency that has been around since 2008, although it was only released in 2009. It has recently been gaining popularity because a growing number of merchants accept bitcoins as a form of payment. The current Bitcoin exchange rate to USD is off the charts and still climbing.
How Do Hackers Use Your Website for Bitcoin Mining?
A ThreatSign customer recently asked us to monitor their website because they were experiencing high CPU usage. It is no secret that high CPU usage can be an indicator that your site has been compromised. Our incident response team reviewed the server-side and external website scanning reports and found a couple of files that were not related to the site.
We also checked the strings in the file and discovered a familiar set of sequences:
You can find the VirusTotal detection rate of the malicious file here.

This type of file has been around since September this year. The attacker was able to compromise the site and use it to mine bitcoin for himself. A reverse lookup showed that the site is hosted by a reputable web hosting company. The same IP address was also hosting more than 1,000 domains, which might also be suffering from high CPU usage due to bitcoin mining.
We were able to clean the infection and restore a healthy working site for the client. If you want to know more about IoC (Indicator of Compromise), SANS.org published a paper about it.
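The triage described above (look for files in the web root that do not belong to the site, then check their strings) can be sketched as follows. This is an added example, not Quttera's tooling: the marker list uses Stratum mining-protocol strings as an assumption, since the sequences from the actual file are not reproduced here, and the sample files and pool hostname are constructed.

```python
import os
import re
import tempfile

ELF_MAGIC = b"\x7fELF"  # native Linux executables rarely belong in a web root
# Assumed markers (Stratum mining-protocol strings), not the report's own sequences.
MINER_MARKERS = (b"stratum+tcp://", b"mining.subscribe", b"mining.authorize")
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")  # similar to `strings -n 6`


def triage_file(path, max_bytes=32 * 1024 * 1024):
    """Return (is_elf, sorted marker hits) for one file, reading at most max_bytes."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    runs = PRINTABLE_RUN.findall(data)
    hits = sorted({m.decode() for m in MINER_MARKERS if any(m in r for r in runs)})
    return data.startswith(ELF_MAGIC), hits


def scan_webroot(root):
    """Walk the web root and report files that are ELF binaries or carry markers."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            try:
                is_elf, hits = triage_file(full)
            except OSError:
                continue  # unreadable file: skip here, review by hand
            if is_elf or hits:
                findings.append((os.path.relpath(full, root), is_elf, hits))
    return sorted(findings)


def demo():
    """Build a constructed web root with one clean page and one planted binary."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.php"), "wb") as fh:
            fh.write(b"<?php echo 'hello'; ?>")
        os.makedirs(os.path.join(root, "uploads"))
        with open(os.path.join(root, "uploads", "cache.tmp"), "wb") as fh:
            fh.write(ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 13
                     + b"stratum+tcp://pool.example.invalid:3333\x00mining.subscribe\x00")
        return scan_webroot(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit is a lead for manual review, not a verdict: compare flagged files against the site's known-good file list before removing anything.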
Is your website flagged for malware, blocked by the search engines or disabled by the host?
Our experts are here to clean up any malware from your sites and remove false positives, blacklisting and other kinds of alerts from any security vendor or search engine. Just select the appropriate ThreatSign! Anti-Malware plan and get back online.

For other issues and help: Quttera help-desk