How to block Crypto Miner (javascript)


L3 Networker

This week I noticed a "CoinHive Javascript Detection" in the logs of our Palo Alto.

When reading on the subject I noticed that there are websites around that use Javascript to start mining Crypto coins on the users' computer.

 

https://live.paloaltonetworks.com/t5/Community-Blog/Unauthorized-Coin-Mining-in-the-Browser/ba-p/183...

 

Detailed description can be found here :

https://researchcenter.paloaltonetworks.com/2017/10/unit42-unauthorized-coin-mining-browser/

 

I noticed in the Palo Alto blog that PAN-DB is able to block URLs hosting Coinhive JavaScript.

 

My question:

How does one actually block this?

When I visit for example https://coinhive.com/ and push the button "Start Mining" the CPU goes up to 100%.


thank you! 

Thank you!

 

I'm really surprised this is classified as low severity? This can get onto servers and spike CPU to 100% to take down applications. 

 

Also, I don't think these mining websites should be listed as

URL nanopool.org
Category Financial Services

Auctions?? coinhive malware was going around injecting user's PCs......

URL coinhive.org
Category Auctions

URL minexmr.org
Category Computer and Internet Info

URL minexmr.com
Category Malware

They're saying minexmr.com is malware because it was recently used in a malware mining injection incident, however couldn't you use any miner website with the injection?

 

Needs to be a new URL PAN-DB category for Cryptocurrency, in my opinion.

 

Clean this up PAN, this is going to be one of the biggest issues in 2018 against networks in my opinion. Make this a priority.

 

Thanks, -Rags

L2 Linker

I feel that the Palo Alto Networks response to crypto jacking is disappointing. There is a security researcher that is actively tracking cryptomining domains and (as of now) is maintaining up-to-date lists of these domains. You can add the first two lists "all domains" and "all optional domains" to an External Dynamic List and then edit your existing Anti-Spyware policies to sinkhole those domains. As of this post, there are 3,898 domains in those two lists (combined).

 

https://zerodot1.github.io/CoinBlockerLists/
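The EDL-based approach above, as an added example that is not part of this thread or of Palo Alto Networks' products: a small Python checker that parses a domain list in the one-domain-per-line format (comments and blank lines ignored), then matches hostnames from URL-style log lines against it, including subdomains of a listed domain. The blocklist and log lines are constructed samples (domains taken from this thread), and the log line format is a hypothetical "<src-ip> <url>".

```python
"""Match hostnames from URL log lines against an EDL-style domain blocklist."""
from urllib.parse import urlparse

# Constructed sample blocklist in one-domain-per-line format; NOT the real
# CoinBlockerLists content, just domains mentioned in this thread.
SAMPLE_LIST = """
# Constructed sample blocklist
coinhive.com
coin-hive.com
minexmr.com
nanopool.org
"""

# Constructed log lines in a hypothetical "<src-ip> <url>" format.
# The last line mentions coinhive.com only in the query string, not the host.
SAMPLE_LOG = """
10.0.0.5 https://coinhive.com/lib/coinhive.min.js
10.0.0.7 http://www.example.org/index.html
10.0.0.9 https://xmr.nanopool.org:14433/
10.0.0.11 https://news.example.net/article?ref=coinhive.com
"""

def load_domain_list(text):
    """Parse a domain list: one domain per line, '#' comments, blank lines."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower().rstrip(".")
        if line:
            domains.add(line)
    return domains

def matching_domain(host, blocklist):
    """Return the blocklist entry covering host (exact or parent domain), else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def scan_log(log_text, blocklist):
    """Return (src_ip, host, matched_entry) for each line whose host is covered."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        src, url = parts
        host = urlparse(url).hostname  # drops scheme, port, path and query
        entry = matching_domain(host, blocklist) if host else None
        if entry:
            hits.append((src, host, entry))
    return hits
```

Matching on the parsed hostname rather than the raw URL is what keeps the `?ref=coinhive.com` line from registering as a hit.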

I see the two CoinHive signatures have had their severity increased to medium, which is set to reset-both in our environment.

Thanks @kalakai for the links. Good stuff.

 

What is the advantage of using a sinkhole over just using a DBL and setting the rule to block completely?

 

Thanks, -Rags
