VNCERT issues an emergency alert on malicious Coinhive virtual-currency mining code
According to the warning released on November 16, the Vietnam Computer Emergency Response Center (VNCERT) said that, through its monitoring of incidents in Vietnam's cyberspace, it has recorded many information security incidents involving malicious Coinhive virtual-currency mining code hidden on websites.
When users visit such a site, the Coinhive code library automatically runs on the user's computer, as an extension or directly in the browser, to 'mine' virtual currencies such as Bitcoin and Monero. It uses the user's resources (CPU, hard drive, memory and so on) without authorization and sends the proceeds to the hackers' e-wallets.
In response, VNCERT requires the leaders of units to direct the units under their management to urgently carry out the necessary tasks to ensure information safety and security.
Website administrators need to check and review the source code to detect inserted code. Indicators include the following keywords in the website source code: 'coinhive.com', 'coinhive', 'coin-hive', 'coinhive.min.js', 'authedmine.com', 'authedmine.min.js'.
If the website is found to contain the mining code described above, check for vulnerabilities on the server and in the website, and check for leaked accounts that have permission to change the source code, in order to fix the vulnerability that was exploited.
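The keyword review described for website administrators can be automated. The following is an added example, not code from VNCERT or the original article; the list of file extensions and the sample page are assumptions made for illustration.

```python
import os

# Keywords listed in the VNCERT alert for website source code.
INDICATORS = ["coinhive.com", "coinhive", "coin-hive", "coinhive.min.js",
              "authedmine.com", "authedmine.min.js"]
# Assumption: file types worth scanning on a typical web root.
TEXT_EXTENSIONS = {".html", ".htm", ".js", ".php", ".tpl", ".css", ".json"}


def scan_text(text):
    """Return [(line_number, [indicators])] for lines containing a keyword."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        lowered = line.lower()
        found = [i for i in INDICATORS if i in lowered]
        # Keep only the most specific keywords: drop "coinhive" when
        # "coinhive.min.js" already matched on the same line.
        specific = [i for i in found
                    if not any(i != j and i in j for j in found)]
        if specific:
            hits.append((number, sorted(specific)))
    return hits


def scan_tree(root):
    """Walk a web root and return {relative_path: hits} for matching files."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                hits = scan_text(handle.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


# Constructed sample page, not taken from a real site.
SAMPLE = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script src="/static/app.js"></script>
</head><body><p>Welcome</p></body></html>"""

if __name__ == "__main__":
    for number, names in scan_text(SAMPLE):
        print(f"line {number}: {', '.join(names)}")
```

A plain keyword match only finds references that appear literally in the source, so a clean result does not replace the server and account checks described above.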
Network administrators should implement the following measures to prevent the unauthorized running of "Coinhive" code on computers: monitor the computers in the network and remove the code from those that are seen connecting to the following domain names: afminer.com, coin-have.com, coinerra.com, coinhive.com, coinnebula.com, crypto-loot.com, hashforcash.us, jescoin.com, ppoi.org, authedmine.com.
Use a firewall to block connections to the following addresses: ifminer.com, coin-have.com, coinerra.com, coinhive.com, coinnebula.com, crypto-loot.com, hashforcash.us, jescoin.com, ppoi.org, authedmine.com.
Scan and examine systems to find and remove the code embedded in web browser extensions ("Add-ons").
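One way to carry out the monitoring step is to check DNS query logs for the listed domain names and their subdomains. This is an added example, not code from VNCERT or the original article; the log format ("timestamp, client IP, queried name") and the sample lines are constructed, and the domain list is the one printed in the monitoring step.

```python
from collections import defaultdict

# Domain names from the alert's monitoring step, as printed there.
MINING_DOMAINS = {
    "afminer.com", "coin-have.com", "coinerra.com", "coinhive.com",
    "coinnebula.com", "crypto-loot.com", "hashforcash.us", "jescoin.com",
    "ppoi.org", "authedmine.com",
}


def listed_domain(hostname):
    """Return the listed domain that hostname equals or is a subdomain of."""
    labels = hostname.lower().rstrip(".").split(".")
    # Compare whole labels so "cdn.coinhive.com" matches but
    # "notcoinhive.com" does not.
    for start in range(len(labels) - 1):
        candidate = ".".join(labels[start:])
        if candidate in MINING_DOMAINS:
            return candidate
    return None


def clients_to_review(log_lines):
    """Map each client IP to the listed domains it looked up."""
    findings = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or malformed lines
        client, query = fields[1], fields[2]
        domain = listed_domain(query)
        if domain:
            findings[client].add(domain)
    return {client: sorted(domains) for client, domains in findings.items()}


# Constructed DNS query log: "<timestamp> <client IP> <queried name>".
SAMPLE_LOG = [
    "2017-11-16T09:00:01 10.0.0.15 www.example.org",
    "2017-11-16T09:00:02 10.0.0.15 cdn.coinhive.com.",
    "2017-11-16T09:00:05 10.0.0.22 notcoinhive.com",
    "2017-11-16T09:00:07 10.0.0.31 AUTHEDMINE.COM",
    "2017-11-16T09:00:09 10.0.0.15 crypto-loot.com",
    "malformed line",
]

if __name__ == "__main__":
    for client, domains in clients_to_review(SAMPLE_LOG).items():
        print(client, "->", ", ".join(domains))
```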
VNCERT recommends that users install the extensions 'No Coin Chrome' or 'minerBlock' for Chrome, and 'NoScript' for Firefox.
Along with that, guide users to check the CPU usage of the computer with applications such as Windows Task Manager and Resource Monitor.
If a computer shows signs of slowing down and the check shows high CPU usage by the browser or an extension, the computer may have been infected with Coinhive, and the user should urgently notify the network administrator so it can be handled.
Regularly check and scan existing vulnerabilities to detect the appearance of malicious code in time. In case of detection of vulnerabilities, immediately implement corrective measures, update additional patches and remove malicious programs that have been inserted by hackers.
After implementation, units are requested to report the infection situation and the handling results, if any, to the National Coordinating Agency (VNCERT Center) before November 30, 2017. VNCERT requires the leaders of units to seriously implement the coordination order.
According to ictnews