[clamav-users] crypto currency miner

Micah Snyder (micasnyd) micasnyd at cisco.com
Tue Jan 2 18:31:59 UTC 2018


I’m not a signature creator, but Reindl is on to something.  Some websites have started mining crypto currency using javascript using your computer if you visit their site.  It’s abusive, but not really malicious.

I’m guessing, as Reindl implied, that this signature is designed to detect such behavior.  Maybe someone who is more in-the-know will chime in.  In the meantime, you’re welcome to whitelist it or ignore it.


Micah Snyder
Software Engineer
Talos
Cisco Systems, Inc.



On Jan 2, 2018, at 1:19 PM, Reindl Harald <h.reindl at thelounge.net> wrote:



On 02.01.2018 at 18:40, lejeczek wrote:
new to the list I'm, hi everyone.
I'd like to ask if your miner, if you mine crypto coins that is, often pops up in clamav?
I have this one: https://github.com/sammy007/cpuminer-multi
and it gets flagged as:
./cpuminer-multi/minerd: Unix.Tool.Minerd-6404314-0 FOUND
Would someone know something more about that code and why clamav sees it as .. right, as what exactly?

didn't you notice that the newest shit is trying to abuse other computers to mine crypto coins even on websites with javascript?