Help regarding injection of coinhive entry

Discussion in 'malware problems & news' started by whitestar_999, Nov 16, 2019.

  1. whitestar_999

    whitestar_999 Registered Member

    Apr 1, 2010

    My friend started facing a particular issue recently where he started getting a warning from his AV about a cryptominer alert whenever he opened any website in the browser. He tried many AVs, even formatted & reinstalled Windows, with no success. I finally took a look via remote session & after some investigation found out that whenever an HTTP page is opened, a coinhive entry is being loaded when looking at the debugger network tab. I changed the DNS, reset the router & cleared the browser cache, but the problem still remains. An interesting thing was that HTTPS sites were not affected. This led me to believe that maybe the issue is not with my friend's PC but with his ISP network. I tried with another network (mobile 4G network via hotspot, to be precise) & this time the coinhive entry didn't load.

    I asked my friend to contact his ISP, but his ISP replied that there is nothing wrong with their network. Logically also, there are more chances of my friend's PC/network being infected compared to his ISP network, not to mention that if that was the case then his ISP would be hearing many similar complaints from other users, because from whatever I know any half good/decent AV will alert about this coinhive entry if it is getting loaded on every HTTP site.

    Since I am not familiar with how ISP cache works with HTTP traffic passing through it, can somebody here look at the attached files to give some opinion about this?

    Attached Files:
