VNCERT issues emergency alert on malicious code that exploits Coinhive to mine virtual currency
According to the warning released on November 16, the Vietnam Computer Emergency Response Center (VNCERT) said that, through its monitoring of incidents in Vietnamese cyberspace, it has recorded many information security incidents involving malicious code that exploits Coinhive to mine virtual currency and is hidden on websites.
When users visit such a site, the Coinhive code library automatically runs on the user's computer, either as an extension or directly in the browser, to 'mine' virtual currencies such as Bitcoin and Monero. It uses the user's resources (CPU, hard drive, memory and so on) without authorization, and the proceeds are sent to the hackers' e-wallets.
In response, the VNCERT Center requires leaders of units to direct the units under their management to urgently carry out the tasks necessary to ensure safety and security.
Website administrators need to check and review the website source code to detect inserted code. Identifiers to look for in the source code are the keywords 'coinhive.com', 'coinhive', 'coin-hive', 'coinhive.min.js', 'authedmine.com' and 'authedmine.min.js'.
If the website is found to contain the mining code described above, check for vulnerabilities on the server and in the website, and check for leaked accounts that have permission to change the source code, in order to fix the vulnerability that was exploited.
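The source review described above for website administrators can be automated. The following is an added example, not part of the VNCERT alert: it walks a web root and reports every occurrence of the listed identifiers. The file extensions, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Identifiers listed in the alert for reviewing website source code.
KEYWORDS = ["coinhive.com", "coinhive", "coin-hive", "coinhive.min.js",
            "authedmine.com", "authedmine.min.js"]
# Assumption: file types worth scanning; extend for your own stack.
EXTENSIONS = (".html", ".htm", ".js", ".php", ".tpl")
# Longest keyword first so the most specific identifier is the one reported.
PATTERN = re.compile(
    "|".join(map(re.escape, sorted(KEYWORDS, key=len, reverse=True))), re.I)

def scan_text(text):
    """Return (line_number, keyword, context) per hit; context is a short
    window around the match because minified files are one long line."""
    hits = []
    for m in PATTERN.finditer(text):
        line_no = text.count("\n", 0, m.start()) + 1
        context = text[max(0, m.start() - 40):m.end() + 40].replace("\n", " ")
        hits.append((line_no, m.group(0).lower(), context))
    return hits

def scan_tree(root):
    """Walk a web root; map relative path -> hits for files that match."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXTENSIONS):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read())
                if hits:
                    findings[os.path.relpath(path, root)] = hits
    return findings

def demo():
    """Scan a constructed web root: one clean page, one with an injected tag."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "index.html": "<html>\n<body>Welcome</body>\n</html>\n",
            "footer.php": "<p>Contact</p>\n<script src=\"https://CoinHive.com/lib/coinhive.min.js\"></script>\n",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

A clean result only shows that the literal keywords are absent; inserted code can be obfuscated, so also compare deployed files against a known-good copy of the source.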
Network administrators should take the following measures to prevent the unauthorized running of "Coinhive" code on computers. Monitor the computers in the network, and remove the code from any that are seen connecting to the following domain names: afminer.com, coin-have.com, coinerra.com, coinhive.com, coinnebula.com, crypto-loot.com, hashforcash.us, jescoin.com, ppoi.org, authedmine.com.
Use a firewall to block connections to the following addresses: ifminer.com, coin-have.com, coinerra.com, coinhive.com, coinnebula.com, crypto-loot.com, hashforcash.us, jescoin.com, ppoi.org, authedmine.com.
Scan and examine systems to find and remove code snippets embedded in web browser add-on (extension) software.
VNCERT recommends that users install the extensions 'No Coin Chrome' or 'minerBlock' for Chrome, and 'NoScript' for Firefox.
In addition, users should be guided to check their computer's CPU usage with applications such as Windows Task Manager and Resource Monitor.
If the computer shows signs of slowing down and the check shows high CPU usage by the browser or an extension, the computer may be infected with Coinhive, and the network administrator should be notified urgently so that it can be handled.
Regularly check and scan for existing vulnerabilities in order to detect malicious code in time. If vulnerabilities are detected, immediately apply corrective measures, install additional patches and remove malicious programs that have been inserted by hackers.
After implementation, units are requested to report on the infection situation and the results of handling, if any, to the National Coordinating Agency (VNCERT Center) before November 30, 2017. VNCERT requires leaders of units to seriously implement the coordination order.
According to ictnews