Warning about illegal cryptocurrency mining malware
The Vietnam Computer Emergency Response Team (VNCERT) said it has recorded many information security incidents involving the Coinhive cryptocurrency mining malware hidden on websites.
When users access the website, the Coinhive code library is automatically run on the user's computer as an extension or directly in the browser with the purpose of "mining" virtual currencies Bitcoin, Monero... by illegally using user resources (CPU, hard drive, memory...) and sending it to the hacker's electronic wallet.
To respond to this illegal cryptocurrency mining malware, VNCERT has sent a notice to state agencies and businesses to urgently carry out the following tasks. Specifically, for website administrators: Check and review the source code to detect inserted codes; identifying signs include keywords in the website source code “coinhive.com”, “coinhive”, “coin-hive”, “coinhive.min.js”, “authedmine.com”, authedmine.min.js.
 |
| Warning about illegal cryptocurrency mining malware |
If you discover that your website has been injected with exploit codes as mentioned above, you need to review and check for vulnerabilities on the server, vulnerabilities on the website, and check for exposed accounts that have the right to change the source code, in order to fix the exploited vulnerabilities.
For network administrators, it is necessary to monitor and remove processing on computers in the network that appear to have connections to the following domain names: afminer.com, coin-have.com, coinerra.com, coinhive.com, coinnebula.com, crypto-loot.com, hashforcash.us, jescoin.com, ppoi.org, authedmine.com.
Use a firewall to block outgoing connections to the following addresses: afminer.com, coin-have.com, coinerra.com, coinhive.com, coinnebula.com, crypto-loot.com, hashforcash.us, jescoin.com, ppoi.org, authedmine.com.
Scan and check the system to find and remove code contained in web browser "Add-on" extensions. It is recommended that users install the extensions: "No Coin Chrome" or "minerBlock" for Chrome; install "NoScripts" for Firefox.
Users need to check the CPU usage of the computer using applications such as Windows Task Manager and Resource Monitor. If the computer shows signs of slowness and the CPU usage of browsers or extensions is high, the computer may be infected with Coinhive and the network administrator needs to be notified for handling...
According to Hanoi Moi Newspaper
| RELATED NEWS |
|---|
.jpg "Cảnh báo về một lỗ hổng bảo mật rất nguy hiểm trong các sản phẩm của Apple")
