Vanwege de aard van het probleem is het onderstaande artikel geschreven in het Engels. Met een Engelstalig artikel hopen we shopeigenaren van over de hele wereld een how-to te bieden om het probleem op te lossen en hun shop goed te beveiligen.

What is Cryptojacking?

Cryptojacking is when your computer or mobile device is used to secretly mine crypto currencies when you browse a compromised/infected website. In november 2017, Willem de Groot found that almost 2500 Magento stores are infected with the malware.

In contrast to hacking it does not take any data from a device, but it uses the power of CPU to mine crypto currencies (like Bitcoin or Monero). This is usually done via JavaScript on a website. Users visiting your website will execute this JavaScript which will start mining the crypto currency using the user’s hardware and resources.

This may lead to increased data usage on mobile devices, an increase in electricity usage, potential hardware failure because of constant use over long periods and a slower experience for users due to all their resources being hogged by the crypto miner.

How do I know if my Magento shop has been hacked?


MageReport will scan for specific signatures and can recognise if your site has been hacked. It will only scan the index page of your website. If you want to scan all the directories and files, please read below.

Scan your files for known web shells and malware manually

Hypernode has added the detection signatures to the malware scanner which you can run on the Hypernode. Read more about this tool on

Every night Hypernode runs the Malware scanner on every Hypernode. This scan only searches in files which have been edited in the past 24 hours. If the scanner finds a suspicious file, our support department will get a message and will contact you if needed.

I have been hacked, what to do?

This is bad news, please take the following actions immediately:

Install all Magento patches

Scan your shop with Magereport and make sure your site has all patches installed.

Remove inactive admin users

In the Magento backend you can find an overview of all admin users. These users have access to your Magento shop. Remove or disable all non-active accounts and set strong passwords for active admin users. If you want to check if you have weak admin passwords, try our tool on the Hypernode:magerun hypernode:crack:admin-passwords

Reset and/or change your Magento password

Please have a look on for instructions.

Remove inactive FTP users

Read this article on on how to add/remove FTP users
Also, please do not forget to not only remove an inactive FTP user, but also remove it’s IP-address from the whitelist on our Service Panel.