Cryptocurrency web mining: In union there is profit

Discussion in 'malware problems & news' started by Minimalist, Sep 14, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,563
    Location:
    Slovenia
    https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,563
    Location:
    Slovenia
    https://threatpost.com/pirate-bay-spotted-hosting-monero-cryptocurrency-miner
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,563
    Location:
    Slovenia
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    868
    Location:
    Italy
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,486
    Location:
    U.S.A.
    For IE users in regards to CoinHive, Adblock/Fanboy TPL will block the script on websites employing it.

    Also note the following:
    https://blog.malwarebytes.com/threat-analysis/2017/09/drive-by-mining-and-ads-the-wild-wild-west/

    Appears disabling ActiveX is the only solution to the "zombie script" issue. I always have had it disabled as a rule.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,486
    Location:
    U.S.A.
    This one is definitely worth a read. -EDIT- Also the issue is not just hacked web sites but also hacked web servers.

    Hacked Websites Mine Cryptocurrencies
    https://blog.sucuri.net/2017/09/hacked-websites-mine-crypocurrencies.html
     
    Last edited: Sep 28, 2017
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,486
    Location:
    U.S.A.
    Money-making machine: Monero-mining malware
    https://www.welivesecurity.com/2017/09/28/monero-money-mining-malware/
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    868
    Location:
    Italy
    Verify that your "NoCoin Filter List" contains a total of 8 rules.
    Sometimes the following rule is missing:


    ||minemytraffic.com^$third-party
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,486
    Location:
    U.S.A.
    Interestingly, Adblock's TP list for IE only includes two of the domains. So, I just manually added all domains listed on GitHub host file list to a URL block list I set up in Eset.
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    868
    Location:
    Italy
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    5,486
    Location:
    U.S.A.
    Hope other CDNs will follow suit.

    Websites using Cryptocurrency Miners will be banned by CloudFlare
    https://latesthackingnews.com/2017/...cryptocurrency-miners-will-banned-cloudflare/
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,563
    Location:
    Slovenia
    https://www.theregister.co.uk/2017/11/07/ufc_coin_hive/
     
  13. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    868
    Location:
    Italy

    https://blog.malwarebytes.com/cyber...al-drive-by-cryptocurrency-mining-phenomenon/
     
  14. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,933
    itman,
    Could you point me in the right direction? What GitHub Host file list, what is the link?
    I'd be interested to do the same as you: adding those in the Eset webaccess block list. Sometimes I too add there domains myself.
    Thanks in advance.

    Edit:
    I think that I found it:
    https://github.com/hoshsadiq/adblock-nocoin-list/
     
    Last edited: Dec 3, 2017
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,933
    A post at DSLR made me aware that there are now some coin-hive entries in the MVPS HOSTS file.
    Indeed, there are some.
     
Loading...