1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: JSCoinminer Download 6

Web Attack: JSCoinminer Download 6

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects suspicious activities associated with JScoinminer

Additional Information

JScoinminer is a detection for a JavaScript cryptocurrency miner that runs in web browsers. The javascript coin miner consumes enormous CPU resources, making computer use sluggish. The JavaScript is loaded in the browser when the user visits a web page hosting the JavaScript. If you haven't opened the detected website on your own, you are possibly redirected to the detected website via redirection mechanisms like malicious advertisement or a compromised website hosting an iframe or JavaScript which redirects to the detected website. The JavaScript runs as long as the user stays on the web page. As long as the website being visited is injected with the coin mining javascript, the website will be blocked by this signature. The computer system is not actually "infected" when this detection triggers.

Affected

  • Various Windows platforms.

Response

The browser tab in which the detected URL is open,should be closed. User should avoid visiting the detected website. More information on browser-based coin mining is available at https://www.symantec.com/blogs/threat-intelligence/browser-mining-cryptocurrency

If you are a Norton user and wish to access a website blocked by Intrusion Prevention, please go through the exclusion process listed at https://support.norton.com/sp/en/us/home/current/solutions/v1224806_ns_retail_en_us to exclude the Intrusion Prevention detection blocking the given website.

If you are an Enterprise Product user, please go through the exclusion process listed at https://support.symantec.com/en_US/article.HOWTO80883.html to exclude the Intrusion Prevention detection.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube