What is Cryptojacking?


Cryptojacking is when your computer or mobile device is secretly used to mine cryptocurrencies while you browse a compromised or infected website. In November 2017, Willem de Groot found that almost 2500 Magento stores were infected with the malware.

In contrast to hacking, it does not take any data from a device, but uses the device's CPU power to mine cryptocurrencies (like Bitcoin or Monero). This is usually done via JavaScript on a website. Users visiting your website execute this JavaScript, which starts mining the cryptocurrency using the user's hardware and resources.

This may lead to increased data usage on mobile devices, an increase in electricity usage, potential hardware failure because of constant use over long periods and a slower experience for users due to all their resources being hogged by the crypto miner.

How do I know if my shop has been hacked?

Check MageReport.com

MageReport will scan for specific signatures and can recognize if your site has been hacked. It will only scan the index page of your website. If you want to scan all the directories and files, please read below.

Scan your files for known web shells and malware manually

Byte has added the detection signatures to the malware scanner which you can run on the Hypernode. Read more about this tool on support.hypernode.com.
Every night Byte runs the malware scanner on every Hypernode. This scan only searches files that have been edited in the past 24 hours. If the scanner finds a suspicious file, our support department will get a message and will contact you if needed.
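
As an illustration of this kind of scan (an added example, not Byte's scanner and not MageReport's signature set), the Python sketch below walks a web root, looks only at files modified in the past 24 hours, and reports those containing strings from the publicly documented Coinhive browser miner. The signature list, the file extensions and the function name scan_recent are assumptions chosen for the example.

```python
import os
import re
import time

# Illustrative signatures (assumption): strings from the publicly documented
# Coinhive browser miner. This is not the Hypernode or MageReport rule set.
SIGNATURES = {
    "coinhive-loader": re.compile(rb"coinhive(\.min)?\.js", re.I),
    "coinhive-api": re.compile(rb"CoinHive\.(Anonymous|User|Token)\s*\("),
}
# File types that can carry injected JavaScript in a shop (assumption).
SCAN_EXTENSIONS = (".js", ".php", ".phtml", ".html", ".htm")
MAX_BYTES = 5 * 1024 * 1024  # skip very large files


def scan_recent(root, max_age_hours=24, now=None):
    """Return sorted (relative_path, signature_name) hits for files under
    root that were modified within the last max_age_hours."""
    now = time.time() if now is None else now
    cutoff = now - max_age_hours * 3600
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if st.st_mtime < cutoff or st.st_size > MAX_BYTES:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable, or removed while we were walking
            for sig, pattern in SIGNATURES.items():
                if pattern.search(data):
                    hits.append((os.path.relpath(path, root), sig))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for rel, sig in scan_recent(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{sig}\t{rel}")
```

A hit is a reason to inspect the file, not proof of infection, and a scan limited to recent changes will miss a script injected before the time window or stored in the database rather than in a file.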

My store is hacked, what to do?

This is bad news. Please take the following actions immediately:

Install all Magento patches

Scan your shop with MageReport.com and make sure your site has all patches installed. Instructions can be found here.

Remove inactive admin users

In the Magento backend you can find an overview of all admin users. These users have access to your Magento shop. Remove or disable all non-active accounts and set strong passwords for active admin users. If you want to check if you have weak admin passwords, try our tool on the Hypernode: magerun hypernode:crack:admin-passwords

Reset and/or change your Magento admin password

Please have a look at this article for instructions.

Remove inactive FTP users

Read this article on support.hypernode.com on how to add/remove FTP users.
Also, please do not only remove the inactive FTP user, but remember to remove its IP address from the whitelist on our Service Panel as well.