Hi, recently my AV (Eset) software is picking up crypto mine malware on your hexus website and the left & right hand side Adverts are being blocked. Something like j.f coin or J.coin
I thought i'll let you know.
Log;
(Please dont click on the URL)
Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
11/12/2017 11:45:54;JavaScript scanner;file;http://www.thefashiondistrict.net/a-...JS/CoinMiner.F potentially unwanted application;blocked;
Kanoe (13-12-2017),Millennium (11-12-2017)
Which ones exactly? Do you mean the site skins "behind" the site? Mind sending me a screenshot highlighting which ones?Originally Posted by Jace007
Half dev, Half doge. Some say DevDoge
Feel free to message me if you find any bugs or have any suggestions.
If you need me urgently, PM me
If something is/was broke it was probably me. ¯\_(ツ)_/¯
and there was me thinking the site had started a crypto currency. Not sure what you would buy with HexusCoin mind
Hmmm. Wonder how easy this would be to setup.and there was me thinking the site had started a crypto currency. Not sure what you would buy with HexusCoin mind
Half dev, Half doge. Some say DevDoge
Feel free to message me if you find any bugs or have any suggestions.
If you need me urgently, PM me
If something is/was broke it was probably me. ¯\_(ツ)_/¯
Mylons Yes the site skins with the Adverts. Is shows it as Threat JS/CoinMiner.F - My AV has blocked it 3 times, Even after clearing my chrome browser data.
Odd, the page containing the mining JS file is now throwing what seems to be a legit 404. Is this happening every load of the page. Please can you link me the exact HEXUS page this happened on.
Half dev, Half doge. Some say DevDoge
Feel free to message me if you find any bugs or have any suggestions.
If you need me urgently, PM me
If something is/was broke it was probably me. ¯\_(ツ)_/¯
Hi Jace
I've just instaled ESET 30 day trial to see how this shows up.
So far nothing, so please can you tell me : Does it do it every visit?
I've been to check it's working, and it detected Coinhive instantly, but I'm pleased to say so far no HEXUS pages have gone ping on the radar.
I will keep checking, but please keep me posted too
hey Zak, I've gone to another PC now, after going into the main page and then at Random going into different pages its pop up again
Its strange i've never seen this before on Hexus - thou it mentions a File on my Computers, Its only when i'm on the hexus site. No other sites gets this & I have run a full Av & malware scan of both Pcs. maybe a False positive i'm not sure
http://tinypic.com/r/1234coo/9
tis strange
that IS the same pop up I get when going to a known coinminer site but we're not doing that, and won't
You've got an ad blocker running, as we have a Site Skin running and I cant see it on your screenshot. Does it still do it if you turn Ad Blocker off?
I dont have any Ad blocker extension. Whatever its stopping is straight from eset nod32
How much money have you collected eh eh ?
I noticed when viewing https://hexus.net/tech/news/storage/...mr-technology/
that the task manager I just happened to have open jumped to 50% on all 8 cores. That is the latest Firefox on Windows.
From the Chome profiling tool in the dev console, on the link DanceswithUnix posted:
Definitely mining going on, cryptonight is the algorithm used for Monero mining. With adblock enabled, no mining.
It's coming from https://api.300ca0d0.space/ or at least https://api.300ca0d0.space/lib/ is in the JS.
Last edited by Bagnaj97; 12-12-2017 at 10:23 AM.
I'm very suspicious of a script being loaded from zenoviaexchange.com, which is hugely obfuscated.
I honestly wouldn't mind too much if Hexus was using a background miner instead of adverts (particularly if it was throttled like this one, which is only tapping ~ 40% CPU usage on my laptop), but I rather suspect this is an advert that's running it surreptitiously in the background and Hexus isn't getting the benefit...
MLyons (12-12-2017)
we utterly are not deliberately running a miner.
We're trying to replicate it, and will keep at it.
This seems to have hit Reddit. https://www.reddit.com/r/pcgaming/co...ntly_tries_to/
scaryjim (12-12-2017)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
