• Hype
  • Murai
  • Lipstiq
  • Varnam
  • Hangat
  • Autofreaks
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Mobile Gaming
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zoneUpdated
    • ViewnetUpdated
    • Sri ComputersUpdated
    • StartecUpdated
  • More
    • Artificial Intelligence
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
    • Contact Us
No Result
View All Result
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Mobile Gaming
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zoneUpdated
    • ViewnetUpdated
    • Sri ComputersUpdated
    • StartecUpdated
  • More
    • Artificial Intelligence
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
    • Contact Us
No Result
View All Result
Lowyat.NET
No Result
View All Result

Tuneprotect.com also affected by coinhive cryptocurrency mining breach

by Vijandren
October 3, 2017
Screenshot 2017 10 03 16.46
Share on WhatsappShare on TelegramThreads

It looks like Airasia’s Bigprepaid.com is not the only website affected by a hidden cryptocurrency mining breach today.

Tuneprotect.com, which is owned and operated under the Tune Group banner is also affected by a similar breach.

Screenshot 2017 10 03 17.19
Digging through the source code of both sites, we have managed to locate some of the offending script embedded via an encrypted javascript call to https://coin-hive.com/lib/coinhive.min.js.

Coinhive in itself offers a Javascript miner for the Monero Blockchain. They allow you to embed their code legally on your website so that visitors help you mine XMR  as they browse your site. Its totally up to the website owner whether to inform the users that their CPU cycles are being used for mining or otherwise.

Screenshot 2017 10 03 16.46 1
However in both the incidences of Bigprepaid and Tuneprotect, the code was encrypted and hidden so we are quite sure that this was done with some malicious intent to avoid the cryptocurrency miner being detected by users, or even the legitimate owners of the site.

Untitled 3

At time of writing, the site remains up and running.


(UPDATE – 7PM): 

The offending code has been removed from the site.


(UPDATE – 824PM):

Tune Protect has released a short statement regarding today’s incident, as shown in its fully below:

Today we were made aware of an unauthorised cryptocurrency mining Javascript on Tune Protect’s website. As an immediate response, we have removed the script from our website and we are investigating to identify the source of the script.

We would like to assure our customers that we take their privacy seriously and have strong controls in place to protect their data. There are no personal data nor information breaches from this issue. – Razman Hafidz Abu Zarim, Group CEO, Tune Protect Group Berhad.

In general, the statement seems to be similar to the one released for AirAsia BIG Prepaid’s incident. Nevertheless, Tune Protect existing and potential customers should now be able to browse the website without worrying about unauthorized use by cryptocurrency script.

Related Article MyCERT Warns Of High-Risk Malware Targeting WhatsApp Web And Desktop Users In Malaysia
Filed Under CoinhivecryptocurrencyMalwaremining
Updated 9:50 pm, Tue, 3 October 17
SendShareShareShare1Tweet1

Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news. 

No Result
View All Result

TRENDING THIS WEEK

  1. 1
    Fintech

    BNM To Phase Out Proprietary QR Payment Networks In Malaysia By 2028

  2. 2
    Streaming

    Netflix Now Requires Unique Email For Each Profile Under Shared Accounts

  3. 3
    Transportation

    LRT3 Ditches Tokens For QR Code Tickets, Open Payments Planned For The Future

  4. 4
    Speakers

    Xiaomi Desktop Speaker Pro Set Now Available In Malaysia

  5. 5
    News

    Malaysia’s New Passport Officially Launches

NETWORK

  • Hype
  • Murai
  • Lipstiq
  • Varnam
  • Hangat
  • Autofreaks

ABOUT

  • Advertise
  • Careers
  • Privacy Statement
  • Editorial Policy
  • Terms of Use
  • Contact Us

©2026 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
  • Forums
  • Laptops
  • Telco
  • Mobile
  • Gaming
  • Artificial Intelligence
  • Fintech
  • Cryptocurrency
  • Cyber Security
  • Hybrid Vehicles
  • Advertise with Us

©2026 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
  • Forums
  • Laptops
  • Telco
  • Mobile
  • Gaming
  • Artificial Intelligence
  • Fintech
  • Cryptocurrency
  • Cyber Security
  • Hybrid Vehicles
  • Advertise with Us

©2026 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.