Coin-Hive code infecting Malaysian systems

Coin-Hive code is not exactly a virus, but it counts as malware even though it doesn’t affect systems the way that a Trojan or ransomware would. Unfortunately, once you get it your life will possibly turn into a nightmare.

The code turns your device into part of a botnet that is used to mine cryptocurrency (supposedly, Monero), which ends up in the botnet owner’s pocket. The botnet owner grows richer while your CPU (Central Processing Unit) power is drained and you’re left footing the electricity bills.

Kaspersky Lab is believed to be among the first security solutions to have detected the coin-hive miner code locally. Kaspersky Security Network is Kaspersky Lab’s distributed cloud infrastructure, which provides verdicts on new malware specimens in a matter of minutes based on data from 80 million sensors all over the world. Its data indicates that the coin-hive code has been detected among Malaysian users since early October 2017.

Kaspersky Lab’s Internet Security solution can detect, block and remove the coin-hive code. Kaspersky Lab products identify the code as HEUR:Trojan.Script.Generic. Other trending detections of this code include Trojan.JS.Miner.d and Trojan.JS.Miner.

In general, the number of users that have encountered cryptocurrency miners has increased dramatically in recent years. For example, in 2013 Kaspersky Lab products protected around 205,000 users globally when they were targeted by this type of threat. In 2014 the number increased to 701,000, and the number of attacked users in the first eight months of 2017 reached 1.65 million.

Number of users Kaspersky Lab protected from malicious cryptocurrency miners from 2011 to 2017

Are You Infected?

If you have a security solution installed, update it and scan your device. If it detects the coin-hive code, follow the prompts for removal. If you do not have a security solution, you can download Kaspersky Free and follow the same steps to remove the coin-hive code.

Michael Molsner, Head of Research Center, Kaspersky Lab, Japan, said Kaspersky Internet Security protects users against malicious droppers by default.

“Make sure that your anti-virus application is on at all times and this malware won’t stand a chance of infiltrating your computer. If for some reason you deactivate AV and run a manual scan after becoming suspicious, Kaspersky Internet Security will immediately detect this full-fledged Trojan and prompt you to get rid of it.”


“If you may have allowed code such as this inadvertently, you can always open Kaspersky Internet Security’s settings, find the Threats and Exclusions section, and select the check box by Detect other software to find such code and then remove it.”

He reminded all users to scan their system regularly as the security solution can help users avoid installing and running unwanted applications.

“It is time to take your CPU power back,” he quipped in closing.
