coinhive.com connection attempt can't find malware

Hey all, I have a computer, MacBook Air, that has come up multiple times over the past few days with an IDS alert in my Meraki MX100 Security center. It lists the device as the source and the destination is p08.coinhive.com - the attempt gets blocked and is flagged as Coinhive TLS client hello attempt. Here are the rule details from Snort: https://snort.org/rule_docs/1-45950

The whois gives me this info http://whois.domaintools.com/

I had over 600 connection attempts over the span of 4 hours.

I ran Malwarebytes on the device but it didn't pick anything up. The user has no Chrome extension installed and, as a student computer, it is pretty light on what is installed.

I am happy to provide more detailed info directly to Malwarebytes if requested.

Was curious if anyone else is seeing this, or if anyone has further insight on what files to look for. While the connection is being blocked on the school network, I'm worried about when the student is on networks not protected by IDS and AMP. 


  • Staff

I can't say what might be going on there without more information on what's installed. I'll send you a request for more information privately.

It's entirely possible, though, that this activity is from a coin mining JavaScript on a web page that the student is visiting. Malwarebytes for Mac does not do any network blocking at this time. We do have a browser extension beta for Chrome and Firefox that should be able to help block these kinds of browser-based issues, but we don't have a version for Safari yet.



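An added example, not part of the thread and not Snort's own rule logic: a minimal parser that pulls the server name (SNI) out of a TLS ClientHello and matches it against the domain from the alert. It assumes the alert keys on the host name sent in the ClientHello; the function names and the sample record are constructed for illustration.

```python
import struct

BLOCKED_SUFFIXES = ("coinhive.com",)  # domain taken from the alert in this thread

def _u16(buf, off):
    return struct.unpack_from("!H", buf, off)[0]

def extract_sni(record: bytes):
    """Return the SNI host name from one TLS ClientHello record, or None."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:  # handshake record, ClientHello
            return None
        off = 5 + 4 + 2 + 32               # record hdr, handshake hdr, version, random
        off += 1 + record[off]             # session id
        off += 2 + _u16(record, off)       # cipher suites
        off += 1 + record[off]             # compression methods
        end = off + 2 + _u16(record, off)  # end of the extensions block
        off += 2
        while off + 4 <= end:
            ext_type, ext_len = _u16(record, off), _u16(record, off + 2)
            off += 4
            if ext_type == 0:              # server_name extension
                # layout: list length (2), name type (1), name length (2), name
                if record[off + 2] != 0:   # only host_name entries are handled
                    return None
                n = _u16(record, off + 3)
                name = record[off + 5:off + 5 + n]
                if len(name) != n:         # truncated capture
                    return None
                return name.decode("ascii").lower()
            off += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                        # malformed or truncated input
    return None

def is_blocked(host):
    """True if host is a blocked domain or one of its subdomains."""
    return host is not None and any(
        host == s or host.endswith("." + s) for s in BLOCKED_SUFFIXES)

def build_client_hello(host: str) -> bytes:
    """Constructed sample: a minimal ClientHello carrying only an SNI extension."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

The server name is sent by whichever process opens the connection, so a browser tab running a mining script and an installed binary produce the same field; the network alert alone does not distinguish the two.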
