Jump to content

Coin-Hive flag as malicious


posdz

Recommended Posts

Hope other CDNs will follow suit.

Websites using Cryptocurrency Miners will be banned by CloudFlare

Quote

Now security and DDOS security outfit Cloudfare has added a new ridge to the story by banning several BitTorrent websites that have been employing such miners without implicating visitors. Web sites are being told they’ve employed in a “possible” terms of service violation for employing the software, which Cloudfare has labeled as malware.

“Multiple areas in your account were injecting Coinhive tapping code without notifying users and externally any option to disabling [sic] the mining,” Cloudfare lately told ProxyBunker, a website that provides alternative URLs for forbidden BitTorrent websites. “We consider this to be malware, and as such, the account was suspended, and all areas removed from CloudFlare.”

https://latesthackingnews.com/2017/...cryptocurrency-miners-will-banned-cloudflare/

Link to comment
Share on other sites

Coin-Hive in an attempt to "clean up its act" is now offering a notification:

Quote

 

Coinhive, which is a legitimate business, promotes its business as an alternative to classic ads and recommends that site owners add warnings to let users know when the script is loaded.

Recently, the company also launched a simple UI widget that site operators can load and let users control when and how the script runs. This widget does not appear on The Pirate Bay site.

Eset_Coin-Hive.png.d611718f26312f889ef5d929840d63ae.png

 

Ref.: https://www.bleepingcomputer.com/news/security/psa-the-pirate-bay-is-running-an-in-browser-cryptocurrency-miner-with-no-opt-out/

The problem as noted in the bleepingcomputer.com article is that its use is optional as noted by Pirate Bay not employing it.

Edited by itman
Link to comment
Share on other sites

I swear the OP reporting this is some outside foreigner (my bet is Russian) and was making threats of mass spam redirecting users of his site or others using the API towards ESET support for blocking/notifying said malicious script (to run without intent of user knowledge and use CPU resources that could affect the user in question depending on task). OP is most probably some script kiddie, living in moms basement (doesn't pay for electricity), poor and using such tactics to gain monetary funds. A lot of teens to young adults are doing this (I know of a friend who does mining).

CoinHive may offer more transparent options to users but at the end of the day, it's the web admins choice to implement them or not and I would say most will not seeing how ignorant most web users are.

@itman

Eset only detects the script if HTTP scan is on, correct? Was reading some of the previous comments stating it doesn't detect it under certain conditions.

Edited by Morisato
Link to comment
Share on other sites

12 hours ago, Morisato said:

Eset only detects the script if HTTP scan is on, correct? Was reading some of the previous comments stating it doesn't detect it under certain conditions.

My understanding is Eset will detect the attempted installation of coin miners. It will not detect one executing on a web page you land on. You will have to employ  an adblocker w/coin miner blocking capability or create your own Eset URL filtering block list.

Link to comment
Share on other sites

  • 2 weeks later...

A perfect example of why Eset should be blocking web site coin mining:

Quote

An unknown attacker has hijacked Coinhive's DNS server and replaced the legitimate Coinhive JavaScript in-browser miner with a malicious version that mined Monero for the hacker's own wallet.

According to a Coinhive spokesperson, the incident took place yesterday, October 23, at around 22:00 GMT, and was discovered and resolved a day later.

Coinhive says the hacker logged into the company's Cloudflare account and replaced DNS records, pointing Coinhive's domain to a new IP address.

This new server pushed a custom version of the coinhive.min.js file that contained a hardcoded site key.

Thousands of sites around the world loaded this modified Coinhive script that mined Monero for the hacker, instead of legitimate site owners. A Coinhive spokesperson told Bleeping Computer the hacker had control over its domain name for about six hours.

Ref.: https://www.bleepingcomputer.com/news/security/hacker-takes-over-coinhive-dns-server-after-company-reuses-old-password/

Link to comment
Share on other sites

  • Most Valued Members

That's something i always considered when it comes down to any unauthorised mining. Be it via the browser or installed along side any piece of software. Being anonymous is a major part of the cryptocurrency appeal. The money raised from any of this is untraceable and probably falls into the hands of the wrong people. Even the guys stealing your unauthorised cpu/gpu resources are themself a target for people who wish to steal off them.

Oh the Irony :lol:

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...