Cryptocurrency web mining: In union there is profit

Discussion in 'malware problems & news' started by Minimalist, Sep 14, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    https://threatpost.com/pirate-bay-spotted-hosting-monero-cryptocurrency-miner
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  4. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,345
    Location:
    Italy
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    For IE users in regards to CoinHive, Adblock/Fanboy TPL will block the script on websites employing it.

    Also note the following:
    https://blog.malwarebytes.com/threat-analysis/2017/09/drive-by-mining-and-ads-the-wild-wild-west/

    Appears disabling ActiveX is the only solution to the "zombie script" issue. I always have had it disabled as a rule.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    This one is definitely worth a read. -EDIT- Also the issue is not just hacked web sites but also hacked web servers.

    Hacked Websites Mine Cryptocurrencies
    https://blog.sucuri.net/2017/09/hacked-websites-mine-crypocurrencies.html
     
    Last edited: Sep 28, 2017
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Money-making machine: Monero-mining malware
    https://www.welivesecurity.com/2017/09/28/monero-money-mining-malware/
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,345
    Location:
    Italy
    Verify that your "NoCoin Filter List" contains a total of 8 rules.
    Sometimes the following rule is missing:


    ||minemytraffic.com^$third-party
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Interestingly, Adblock's TP list for IE only includes two of the domains. So, I just manually added all domains listed on the GitHub host file list to a URL block list I set up in Eset.
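
Added example, not part of any post in this thread: a Python check for the two steps described in posts 8 and 9 above, verifying that a NoCoin-style filter list has the expected rules and extracting the plain domain rules that can be copied into a hosts-style or URL block list. The sample list is constructed; only the minemytraffic.com rule is taken from the thread, and the function names are illustrative.

```python
import re

# Constructed sample of an Adblock-syntax filter list. Only the
# minemytraffic.com rule comes from the thread; .example entries are placeholders.
SAMPLE_LIST = """\
[Adblock Plus 2.0]
! Title: sample NoCoin-style list (constructed)
||miner-a.example^$third-party
||miner-b.example^$third-party
||cdn.example/lib/miner.min.js
@@||allowed.example^
"""

REQUIRED_RULE = "||minemytraffic.com^$third-party"
# Matches "||domain^" rules only; path rules cannot go into a domain block list.
DOMAIN_RULE = re.compile(r"^\|\|([a-z0-9.-]+)\^")


def active_rules(text):
    """Return blocking rules, skipping blanks, the header, comments and exceptions."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("!", "[", "@@")):
            continue
        rules.append(line)
    return rules


def audit(text, required=REQUIRED_RULE, expected_count=None):
    """Report rule count, presence of the required rule, and blockable domains."""
    rules = active_rules(text)
    domains = sorted({m.group(1) for r in rules if (m := DOMAIN_RULE.match(r.lower()))})
    return {
        "count": len(rules),
        "count_ok": expected_count is None or len(rules) == expected_count,
        "required_present": required in rules,
        "domains": domains,
    }


def patched(text, required=REQUIRED_RULE):
    """Append the required rule when it is missing; otherwise return the list as is."""
    if required in active_rules(text):
        return text
    return text.rstrip("\n") + "\n" + required + "\n"


if __name__ == "__main__":
    print(audit(patched(SAMPLE_LIST), expected_count=8))
```
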
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,345
    Location:
    Italy
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Hope other CDNs will follow suit.

    Websites using Cryptocurrency Miners will be banned by CloudFlare
    https://latesthackingnews.com/2017/...cryptocurrency-miners-will-banned-cloudflare/
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    https://www.theregister.co.uk/2017/11/07/ufc_coin_hive/
     
  13. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,345
    Location:
    Italy

    https://blog.malwarebytes.com/cyber...al-drive-by-cryptocurrency-mining-phenomenon/
     
  14. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    itman,
    Could you point me in the right direction? What GitHub Host file list, what is the link?
    I'd be interested to do the same as you: adding those in the Eset webaccess block list. Sometimes I too add domains there myself.
    Thanks in advance.

    Edit:
    I think that I found it:
    https://github.com/hoshsadiq/adblock-nocoin-list/
     
    Last edited: Dec 3, 2017
  15. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    A post at DSLR made me aware that there are now some coin-hive entries in the MVPS HOSTS file.
    Indeed, there are some.
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  17. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Campaign is using a recently released WebLogic exploit to deploy a Monero miner
    https://isc.sans.edu/forums/diary/C...Logic exploit to deploy a Monero miner/23191/

     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    https://www.infosecurity-magazine.com/news/monero-cryptomining-invades/
     
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    https://www.infosecurity-magazine.com/news/coffeeminer-mine-for-monero/
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Hackers Make Whopping $226K Installing Monero Miners on Oracle WebLogic Servers
    https://www.bleepingcomputer.com/ne...ing-monero-miners-on-oracle-weblogic-servers/
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Linux and Windows Servers Targeted with RubyMiner Malware
    https://www.bleepingcomputer.com/ne...dows-servers-targeted-with-rubyminer-malware/
     
  22. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    https://www.theregister.co.uk/2018/...ip_coinhive_mining_code_into_doubleclick_ads/
     
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,083
    Location:
    Texas
    Smart Homes May Hide Crypto Mining Schemes
     
  24. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    http://securityaffairs.co/wordpress/68949/malware/crypto-mining-scripts.html
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    https://www.securityweek.com/crypto-mining-malware-infects-thousands-websites
     