Home / malwarePDF  


First posted on 30 November 2017.
Source: Microsoft

Aliases :

There are no other names known for HTML/Brocoiner.

Explanation :

This JavaScript cyrptocurrency mining client has been found served by multiple web pages, including streaming video sites, adult sites, and shopping sites. Some of these sites could be compromised.

This cryptocurrency miner is designed to work on multiple browsers. It has been observed to mine Monero coin (XMR), a type of cryptocurrency. All mined coins are credited to this malware's operators.

Like other cryptocurrency miners, this malware works by performing highly complex computations—a process that can be CPU intensive. As a result, computers that visit the pages serving this JavaScript can slow down significantly.

Samples of this malware have been found using JavaScript libraries in the following URLs:

  • hxxps://coinhive[.]com/lib/coinhive[.]min[.]js
  • hxxps://coin-hive[.]com/lib/coinhive[.]min[.]js
  • hxxps://crypto-loot[.]com/lib/miner[.]min[.]js
  • hxxps://camillesanz[.]com/lib/status[.]js
  • hxxps://www[.]coinblind[.]com/lib/coinblind_beta[.]js
  • hxxp://jquerystatistics[.]org/update[.]js
  • hxxp://www[.]etacontent[.]com/js/mone[.]min[.]js
  • hxxps://cazala[.]github[.]io/coin-hive-proxy/client[.]js
  • hxxp://eruuludam[.]mn/web/coinhive[.]min[.]js
  • hxxp://www[.]playerhd2[.]pw/js/adsensebase[.]js

Last update 30 November 2017