The Animated Weather Widget plugin by weatherfor.us was recently removed from the WordPress plugin repository because it carried a crypto-mining hack that used the resources of visitors to any website that was running this plugin.
According to WordFence's investigation, the plugin was removed from the repository because it included JavaScript code that mines the Monero cryptocurrency using the CPU resources of site visitors.
It works as follows:
- A WordPress site owner installs the “Animated Weather” plugin.
- The plugin loads an iframe. This allows the owner to include any code they want in visitors’ browsers, and to change the code at any time.
- The iframe loads code from CoinHive that mines the Monero cryptocurrency. The mining activity uses significant site visitor CPU resources.
- Earnings are sent back to CoinHive and aggregated into the account owner’s bank account. Presumably, the account owner in this case is the owner of the “Animated weather” plugin. CoinHive keeps 30% of the profits.
This allows the plugin owner to earn money by using the CPU resources of visitors to sites using the “Animated weather” plugin.
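An added example, not from the original post or from WordFence: a Python check a site owner could run over rendered page HTML to list iframes and scripts loaded from other hosts and to flag URLs containing the CoinHive name. The hostnames and sample markup are constructed, and matching on the string "coinhive" is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

MINER_MARKERS = ("coinhive",)  # assumption: keyword match on the name used in this post

class EmbedAuditor(HTMLParser):
    """Collects iframe/script sources that load from a host other than the site's."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlparse(page_url).hostname
        self.findings = []  # (tag, absolute_url, reason)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        src = dict(attrs).get("src")
        if not src:
            return
        url = urljoin(self.page_url, src)  # resolves relative and //host/ forms
        host = urlparse(url).hostname or ""
        if any(m in url.lower() for m in MINER_MARKERS):
            self.findings.append((tag, url, "miner-marker"))
        elif host != self.site_host:
            reason = "third-party-iframe" if tag == "iframe" else "third-party-script"
            self.findings.append((tag, url, reason))

def audit(page_url, html):
    auditor = EmbedAuditor(page_url)
    auditor.feed(html)
    return auditor.findings

# Constructed sample: a page on blog.example with a plugin-injected iframe,
# and the document that iframe serves (fetched separately by the auditor).
PAGE = """<html><body>
<script src="/wp-includes/js/jquery.js"></script>
<iframe src="//widgets.example.net/weather/frame.html" width="300"></iframe>
</body></html>"""
FRAME = """<html><body><div id="weather"></div>
<script src="https://coinhive.example/lib/miner.min.js"></script>
</body></html>"""

if __name__ == "__main__":
    for label, url, doc in (("page", "https://blog.example/", PAGE),
                            ("frame", "https://widgets.example.net/weather/frame.html", FRAME)):
        for finding in audit(url, doc):
            print(label, *finding)
```

Because the framed content can be changed at any time, a clean result for the frame on one day says little about the next; the third-party iframe finding on the parent page is the item to review.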
You can also watch the WordFence video on this for more insight into how the plugin pulls this off.
Two months ago, the Showtime websites showtime.com and showtimeanytime.com were found mining cryptocurrency. It is still unclear whether they were hacked, or if they placed the code there voluntarily. Other websites like The Pirate Bay have added the CoinHive Monero mining code to try to earn additional revenue.
If you are interested in this topic, you can read more on the WordFence website.