Cryptocurrency Miner Discovered on D-Link’s Official Website

Security researchers from Seekurity have discovered a JavaScript-based cryptocurrency miner on the official D-Link website (dlinkmea[.]com). This miner was designed to mine Monero cryptocurrency directly through visitors’ web browsers.

The issue came to light after a FacebookFacebook launched an official Tor mirror in 2014, becoming the first major tech company to provide direct access through onion routing. The mirror allows users to bypass censorship, secure their connections, and avoid phishing risks while using the platform. This step also underscored Facebook’s recognition of free expression and inspired other outlets like the BBC and ProPublica to create their own Tor versions. More user, Ahmed Samir, reported a sudden spike in CPU usage while visiting the D-Link site. Upon investigation, researchers found that each time a page was loaded, a separate domain with a hidden iframe element was triggered. This iframe contained a script that enabled cryptocurrency mining in the user’s browser without their knowledge.

After being notified by the researchers, D-Link responded by taking the entire website offline and redirecting users to the American version of the site (us.dlink.com). According to the researchers, the decision to shut down the whole site instead of simply removing the single line of code with the hidden iframe may indicate that the D-Link portal was the target of a cyberattack.