posdz

Coin-Hive flag as malicious


Hope other CDNs will follow suit.

Websites using Cryptocurrency Miners will be banned by CloudFlare

Quote

Now security and DDOS security outfit Cloudflare has added a new ridge to the story by banning several BitTorrent websites that have been employing such miners without implicating visitors. Web sites are being told they’ve employed in a “possible” terms of service violation for employing the software, which Cloudflare has labeled as malware.

“Multiple areas in your account were injecting Coinhive tapping code without notifying users and externally any option to disabling [sic] the mining,” Cloudflare lately told ProxyBunker, a website that provides alternative URLs for forbidden BitTorrent websites. “We consider this to be malware, and as such, the account was suspended, and all areas removed from CloudFlare.”

https://latesthackingnews.com/2017/...cryptocurrency-miners-will-banned-cloudflare/


Coin-Hive in an attempt to "clean up its act" is now offering a notification:

Quote

Coinhive, which is a legitimate business, promotes its business as an alternative to classic ads and recommends that site owners add warnings to let users know when the script is loaded.

Recently, the company also launched a simple UI widget that site operators can load and let users control when and how the script runs. This widget does not appear on The Pirate Bay site.

Ref.: https://www.bleepingcomputer.com/news/security/psa-the-pirate-bay-is-running-an-in-browser-cryptocurrency-miner-with-no-opt-out/

The problem as noted in the bleepingcomputer.com article is that its use is optional as noted by Pirate Bay not employing it.

Edited by itman


I swear the OP reporting this is some outside foreigner (my bet is Russian) and was making threats of mass spam redirecting users of his site or others using the API towards ESET support for blocking/notifying said malicious script (to run without intent of user knowledge and use CPU resources that could affect the user in question depending on task). OP is most probably some script kiddie, living in mom's basement (doesn't pay for electricity), poor and using such tactics to gain monetary funds. A lot of teens to young adults are doing this (I know of a friend who does mining).

CoinHive may offer more transparent options to users but at the end of the day, it's the web admin's choice to implement them or not and I would say most will not, seeing how ignorant most web users are.

@itman

Eset only detects the script if HTTP scan is on, correct? Was reading some of the previous comments stating it doesn't detect it under certain conditions.

Edited by Morisato

12 hours ago, Morisato said:

Eset only detects the script if HTTP scan is on, correct? Was reading some of the previous comments stating it doesn't detect it under certain conditions.

My understanding is Eset will detect the attempted installation of coin miners. It will not detect one executing on a web page you land on. You will have to employ an adblocker w/coin miner blocking capability or create your own Eset URL filtering block list.
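
An added example, not part of the original posts and not ESET's own code or list format: a check of a page's HTML for external scripts whose host is on a personal block list of the kind suggested above. Apart from the Coinhive service named in the thread, the block-list entries, the sample page, the script paths and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed block list: coinhive.com is the service named in the thread,
# miner.example is a placeholder entry.
BLOCKED_HOSTS = {"coinhive.com", "miner.example"}


def host_is_blocked(host, blocked=BLOCKED_HOSTS):
    """True if host equals a block-list entry or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in blocked)


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def blocked_scripts(html, page_url, blocked=BLOCKED_HOSTS):
    """Return absolute URLs of external scripts served from blocked hosts."""
    parser = ScriptCollector()
    parser.feed(html)
    hits = []
    for src in parser.sources:
        # urljoin resolves relative paths and protocol-relative //host/ forms
        absolute = urljoin(page_url, src.strip())
        if host_is_blocked(urlsplit(absolute).hostname, blocked):
            hits.append(absolute)
    return hits


# Constructed sample page: one first-party script, two blocked, one look-alike.
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script SRC="//CoinHive.com/lib/miner.js"></script>
<script src="https://cdn.miner.example/m.js"></script>
<script src="https://notcoinhive.com/a.js"></script>
</head></html>"""

if __name__ == "__main__":
    for url in blocked_scripts(SAMPLE_HTML, "https://site.example/index.html"):
        print("blocked script:", url)
```

The check covers only script tags present in the static HTML; a script injected later by other JavaScript would need filtering at the request level, which is what a URL block list or ad blocker does.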
