Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: EmoHobo on February 14, 2018, 08:57:20 AM

Title: How prepared is Avast for the rising wave of Cryptocurrency mining abuse?
Post by: EmoHobo on February 14, 2018, 08:57:20 AM

That's quickly becoming the biggest threat in malware and even some sites using JS code to force you to mine for them by visiting their page.  I was wondering how well Avast protects against this new and growing threat.

Title: Re: How prepared is Avast for the rising wave of Cryptocurrency mining abuse?
Post by: Asyn on February 14, 2018, 09:11:46 AM

Well prepared, see...

https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming
https://blog.avast.com/cryptocurrency-mining-malware-sneaks-onto-google-play
https://blog.avast.com/protect-yourself-from-cryptojacking

Title: Re: How prepared is Avast for the rising wave of Cryptocurrency mining abuse?
Post by: Evjls on February 14, 2018, 01:32:37 PM

Quote from: Asyn on February 14, 2018, 09:11:46 AM

Well prepared, see...

https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming
https://blog.avast.com/cryptocurrency-mining-malware-sneaks-onto-google-play
https://blog.avast.com/protect-yourself-from-cryptojacking

well prepared but haven't done anything yet. Cryptomining is still fully working without any intervention from avast. Norton DNS and ublock origin can do better job. I had to disable these 2 in order to test avast. Avast DOES NOT protect or just partially protect against cryptomining
I'm using Avast IS v18.1 with file shield, web shield, behavior shield and ransomware shield installed
https://i.imgur.com/cPe9OVv.png
https://i.imgur.com/mN9nN0s.png

again, don't really trust those documents. Test it yourself

EDIT: avast actually blocked cryptominers in internet explorer but not in my browser (slimjet)

Title: Re: How prepared is Avast for the rising wave of Cryptocurrency mining abuse?
Post by: Pondus on February 14, 2018, 01:44:29 PM

Test say browser test ... should avast be trigged by that test?



https://steemit.com/monero/@kutz/hurray-avast-blocking-coinhive-web-miners

https://www.virustotal.com/#/file/4d6af0dba75bedf4d8822a776a331b2b1591477c6df18698ad5b8628e0880382/detection

Title: Re: How prepared is Avast for the rising wave of Cryptocurrency mining abuse?
Post by: Evjls on February 14, 2018, 01:49:30 PM

Quote from: Pondus on February 14, 2018, 01:44:29 PM

Test say browser test ... should avast be trigged by that test?



https://steemit.com/monero/@kutz/hurray-avast-blocking-coinhive-web-miners

https://www.virustotal.com/#/file/4d6af0dba75bedf4d8822a776a331b2b1591477c6df18698ad5b8628e0880382/detection

avast failed to block coinhive scripts while testing with my browser Slimjet -> it means avast just protects cryptomining (script scanning) in supported applications: IE, chrome, firefox, adobe reader, and " other applications" (I assume they are windows script host = wscript.exe and cscript.exe)

there are many malwares which inject scripts into windows processes and start mining. I tested 1 sample yesterday, which injected into svchosts.exe. In this case, avast may fail

Title: Re: How prepared is Avast for the rising wave of Cryptocurrency mining abuse?
Post by: Evjls on February 14, 2018, 02:09:59 PM

The best, free and easiest way to protect yourselves from cryptomining:
- Use Norton DNS: tested working -> can protect system-wise
- install an adblocker which also supports hosts file format (ublock origin) and add these 2 filters:
https://raw.githubusercontent.com/ZeroDot1/CoinBlockerLists/master/hosts
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt