[NOTICE MALWARE CRYPTOJACKING IN PRESTASHOP] Massive Malware attack trustisimportant.fun to mine cryptocurrencies from PrestaShop online stores using customers' CPU/GPU resources

Published On: 4 April 2024

At Liewebs, we have detected that over the past few days cybercriminals have been carrying out massive attacks on PrestaShop online stores. The attacks insert malicious code (Malware) into the website in order to mine cryptocurrency illicitly, a practice also known as cryptojacking. The attack uses the CPU/GPU resources of the customers' own devices for the mining tasks, via the web browser.

What is this cryptojacking cyber attack on PrestaShop online stores?

In recent days, we have received many requests for URGENT Technical Support from customers with PrestaShop stores that have suffered the same type of attack, so we assume that this is a massive campaign carried out by these cybercriminals over a short period of time.

Unlike other similar attacks, this cyberattack is designed specifically for the PrestaShop platform: it looks for specific files that exist only on this type of ecommerce platform in order to insert the cryptojacking Malware.

The inserted malware is basically JavaScript code executed on the client side, i.e. in the web browser. Below is a screenshot of the malicious code fragment:

Malicious code (Malware) cryptocurrency mining. https://trustisimportant.fun

The purpose of this code is to call the URL https://trustisimportant.fun/karma/karma.js?karma=bs?nosaj=faster.mo, from which a much more extensive script is loaded. That script mines cryptocurrency using the resources of the computers or devices of the visitors or customers browsing the website at that moment. This type of malware is called cryptojacking.

When a customer accesses the infected store, the Malware code is executed in his browser, starting to make use of all the CPU and GPU resources of the computer to perform these mining tasks. The immediate problem the customer is exposed to is that his computer starts to run out of available resources and overheat due to overuse. This could cause serious hardware damage if the browser is not closed in time.

Mining tasks require very powerful equipment with advanced cooling systems.

In fact, the store where the malicious code is located becomes a mere carrier of the Malware. It is not affected directly, except for the penalty it receives from search engines when they detect that the website contains Malware. The attacker's benefit is the illicit use of the CPU and GPU resources of everyone who visits the infected website, which are put to work mining cryptocurrency for the attacker's economic profit. The most curious thing about this type of attack is that the user is completely unaware that his computer is being used to mine cryptocurrencies. He only experiences an increase in the use of his CPU and GPU and, as a consequence, a considerable increase in the temperature of these components.

You can read more information about this malware in the following article: Cryptocurrency mining malware.

The good news is that this type of attack is not designed to remove data from the website or steal sensitive data from online store users, such as credit/debit card data, personal information, etc… In fact, most PrestaShop online store owners have been able to find out about it from online Malware analysis tools such as Sucuri and others.

In the case of Sucuri, we can guarantee that it detects this type of cyber-attack, so if you are a PrestaShop online store owner and you don't know whether you have been infected by this Malware, we recommend running the free scan they offer.
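A local check that complements the online scan, as an added example that is not part of the original article: it walks a store's files and reports every reference to the domain named above, plus any external host that is not on an allowlist. The allowlist, the scanned file extensions and the sample tree are assumptions; the article does not say which files are modified.

```python
import re
import tempfile
from pathlib import Path

# Indicator domain taken from the article; all other names here are assumptions.
KNOWN_BAD_HOSTS = {"trustisimportant.fun"}
SCAN_SUFFIXES = {".js", ".tpl", ".php", ".html"}
# Hostname of an absolute URL, or of a quoted protocol-relative one ("//host/...").
HOST_RE = re.compile(r"""(?:https?:|(?<=['"]))//([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)""")

def _matches(host, domains):
    """True if host equals one of the domains or is a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(host, allowed):
    """Return 'known-bad', 'unlisted', or None for an allowed host."""
    if _matches(host, KNOWN_BAD_HOSTS):
        return "known-bad"
    return None if _matches(host, allowed) else "unlisted"

def scan_store(root, allowed):
    """Walk the store tree and report every external host that needs review."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for host in sorted({h.lower() for h in HOST_RE.findall(line)}):
                verdict = classify(host, allowed)
                if verdict:
                    rel = path.relative_to(root).as_posix()
                    findings.append((verdict, rel, lineno, host))
    return sorted(findings)

def demo():
    """Scan a constructed two-file tree; paths and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        js = Path(tmp, "themes/demo/assets/js")
        js.mkdir(parents=True)
        (js / "theme.js").write_text(
            "var cdn = 'https://cdn.shop.example/lib.js';\n"
            "s.src = 'https://trustisimportant.fun/karma/karma.js';\n"
            "t.src = '//stats.unknown.example/t.js';\n")
        (js / "notes.txt").write_text("https://trustisimportant.fun/ ignored\n")
        return scan_store(tmp, allowed={"shop.example"})

if __name__ == "__main__":
    for verdict, rel, lineno, host in demo():
        print(f"{verdict:10} {rel}:{lineno} {host}")
```

The scan only matches hostnames written in plain text, so an encoded or obfuscated loader, or one stored in the database rather than in a file, will not appear in its output.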

If you have been infected by this Malware, at Liewebs we can give you the best web disinfection service to completely neutralize this malicious code. We have a service of web disinfection and technical support 24 hours a day, 365 days a year.

Recommendations to prevent your website or PrestaShop store from being infected by Malware

Because your website or online store is visible on the Internet, it is exposed to attack by cybercriminals. The probability increases in direct proportion to the website's traffic and its visibility on the Internet.

One of the best recommendations is to have a professional team, as at Liewebs, perform monthly maintenance tasks so that online stores are always protected by strong security policies and the appearance of vulnerabilities is minimized.

Here are our general recommendations for all PrestaShop online store or website owners:

  • Keep the PrestaShop platform updated to the latest version.

  • Always update plugins or modules to the latest version.

  • Make use of paid modules instead of free ones. Purchase them on official websites or from certified agencies.

  • Have individual access and strong passwords (more than 15 characters, combining capital letters, special characters, letters and numbers).

  • Provide temporary access to external personnel providing occasional technical support services. Remove them after service.

  • Make use of modules to increase web security, such as the Advanced Anti-Spam System module that prevents unauthorized access to the store and stops Spam practices.

If your store has been infected with any type of Malware, at Liewebs we offer a web disinfection service.

We perform an exhaustive search for the inserted malicious code, remove it completely, and apply the necessary techniques to fix the vulnerability that caused the cyber-attack.
