Attackers distribute the Coinhive Miner using Google Tag Manager

Attackers who mine Monero by planting the Coinhive miner on websites have started using Google Tag Manager.

As security researcher Troy Mursch told The Register, he discovered Coinhive on the website of the South American television channel Globovisión. The JavaScript miner's code came from a script embedded through Google Tag Manager, gtm.js?id=GTM-KCDXG2D, which called cryptonight.wasm (the Coinhive miner code as WebAssembly; wasm is an efficient low-level bytecode intended for execution in the browser, and at the moment it is under development).

Because the code is served by Google Tag Manager, it does not exist in the site's source files on the server. The JavaScript file name and the gtm.js?id=GTM-KCDXG2D parameter say nothing about the purpose of the code being called. In effect, attackers compromise websites and quietly add tags, hosted by Google, that contain malicious code, thus hiding the true origin of the scripts.
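Since the injected tag never appears in the server's files, a site owner has to check what the page actually loads. The following is an added example, not code from the article or from Mursch: it audits a list of loaded resource URLs for Google Tag Manager containers the owner does not recognise and for unexpected WebAssembly modules. The function name, the allowlists, the container GTM-OWNED01 and the .example hosts are assumptions made for illustration.

```javascript
// Added example: audit the resources a page loaded for GTM containers and wasm.
// The allowlists and the sample URLs below are constructed for illustration.
const GTM_HOST = "www.googletagmanager.com";

function auditResources(urls, allowedContainers, allowedWasmHosts = []) {
  const findings = [];
  for (const raw of urls) {
    let u;
    try {
      u = new URL(raw);
    } catch {
      continue; // skip entries that are not absolute URLs
    }
    // A GTM container is identified only by the id parameter of gtm.js,
    // so any id the site owner did not create is reported.
    if (u.hostname === GTM_HOST && u.pathname === "/gtm.js") {
      const id = u.searchParams.get("id") || "";
      if (!allowedContainers.includes(id)) {
        findings.push({ type: "unknown-gtm-container", id, url: raw });
      }
    }
    // Report every .wasm module that does not come from an expected host.
    if (u.pathname.toLowerCase().endsWith(".wasm") &&
        !allowedWasmHosts.includes(u.hostname)) {
      findings.push({ type: "unexpected-wasm", host: u.hostname, url: raw });
    }
  }
  return findings;
}

// Constructed sample: what performance.getEntriesByType("resource") or a HAR
// export might list. GTM-OWNED01 and the .example hosts are placeholders;
// GTM-KCDXG2D and cryptonight.wasm are the names given in the article.
const sampleUrls = [
  "https://www.googletagmanager.com/gtm.js?id=GTM-OWNED01",
  "https://www.googletagmanager.com/gtm.js?id=GTM-KCDXG2D",
  "https://cdn.site.example/app.js",
  "https://miner.example/lib/cryptonight.wasm",
];

const sampleFindings = auditResources(sampleUrls, ["GTM-OWNED01"]);
console.log(sampleFindings);
```

The input has to come from a real page load (browser or headless crawl), because a scan of the files on the server will not show tags that are delivered from Google's side.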

According to Mursch, the code was removed from the Globovisión site one hour after the discovery. How it got there is not known.

Google Tag Manager is a free tool from Google that allows you to place custom scripts on your site without directly interfering with its code. With it, you can add and update Google services scripts on the site, and also set the rules for activating different tags.

