Jump to content

Archived

This topic is now archived and is closed to further replies.

itman

Eset Not Detecting Test Coin Miner

Recommended Posts

Just to be sure, I disabled SmartScreen in Edge and still no alert from Eset. Sure the same will happen in IE11. Eset always alerts prior to SmartScreen.

Running EIS ver. 11.2.42 with default settings as far as Internet Protection goes.

Share this post


Link to post
Share on other sites

Also, don't believe this is Coin Hive based since I have the following in an Eset URL block list and those didn't trigger either:

*.coinhive.com/*
*.coin-hive.com/*

Share this post


Link to post
Share on other sites

Not sure what the problem could be. No problems here:

image.png

Share this post


Link to post
Share on other sites

I don't get it either. Below is the code it is executing. The block list should have detected it regardless:

Quote

 

<html>
<script src="https://coinhive.com/lib/coinhive.min.js">
    </script><script>var miner = new CoinHive.Anonymous('VrqhGymiL9VzA7DO9YcZNzOVyNkY6tVS',       {throttle: 0.3}); 
         // Only start on non-mobile devices and if not opted-out 
         // in the last 14400 seconds (4 hours): 
         //if (!miner.isMobile() && !miner.didOptOut(14400))  {   miner.start();

         //}

</script>

</html>

 

If I click on the coinhive link, the block list detects it.

And all PUA detection settings are enabled.

Share this post


Link to post
Share on other sites

@Marcos, it gets weirder.

I am using Easylist Privacy tpl in IE11. Additional in Edge, I am using AdGuard extension with both Easylist Privacy and NoCoin lists. All these will detect Coinhive. None of them triggered in this Wicar.org coin miner test.  

So I went to the AMTSO Desktop Test site and ran the PUA test. Eset performed as expected and alerted on PUA detection. So at this point, I am at a loss as to why this is happening.

Also I am running on Win 10 x(64) 1803.

Looks like Wicar.org copied the code straight from here: https://medium.com/@bitcoinloverr/100-latest-coinhive-javascript-mining-trick-monero-b525f38ce545

Share this post


Link to post
Share on other sites

Mine detects it, but I have to disable my adblock plugin to see ESET's prompt because my adblock will block the mining script before ESET kicks in.

Share this post


Link to post
Share on other sites

- Posting edited to reflect what the issue really was -

Indeed, further testing confirmed tracking protection lists used in Edge and IE11 were intercepting and blocking the connection to coinhive.com prior to Eset having a chance to do likewise. 

As far as the SmartScreen alert, it is a bogus one as most browser based SmartScreen alerts are. All SmartScreen is blocking is access to the wicar.org coin miner test web site; not any actual coin mining activity occurring there.

Share this post


Link to post
Share on other sites

Will also add that I found an obscure European coinhive test web site that SmartScreen does not detects to test Eset's coin miner protection. 

Eset_Coinhive.thumb.png.f1db7bc21b22c43a618c9c4b21e08381.png

 

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×