Home / malware Trojan:HTML/Brocoiner!rfn
First posted on 15 December 2017.
Source: MicrosoftAliases :
There are no other names known for Trojan:HTML/Brocoiner!rfn.
Explanation :
This JavaScript cyrptocurrency mining client has been found served by multiple web pages, including streaming video sites, adult sites, and shopping sites. Some of these sites could be compromised.
This cryptocurrency miner is designed to work on multiple browsers. It has been observed to mine Monero coin (XMR), a type of cryptocurrency. All mined coins are credited to this malware's operators.
Like other cryptocurrency miners, this malware works by performing highly complex computations—a process that can be CPU intensive. As a result, computers that visit the pages serving this JavaScript can slow down significantly.
Samples of this malware have been found using JavaScript libraries in the following URLs:
- hxxps://coinhive[.]com/lib/coinhive[.]min[.]js
- hxxps://coin-hive[.]com/lib/coinhive[.]min[.]js
- hxxps://crypto-loot[.]com/lib/miner[.]min[.]js
- hxxps://camillesanz[.]com/lib/status[.]js
- hxxps://www[.]coinblind[.]com/lib/coinblind_beta[.]js
- hxxp://jquerystatistics[.]org/update[.]js
- hxxp://www[.]etacontent[.]com/js/mone[.]min[.]js
- hxxps://cazala[.]github[.]io/coin-hive-proxy/client[.]js
- hxxp://eruuludam[.]mn/web/coinhive[.]min[.]js
- hxxp://www[.]playerhd2[.]pw/js/adsensebase[.]js
Last update 15 December 2017
