Other products

Protection against the Coinminer malware

What is CoinMiner malware?

Coinminers (also called cryptocurrency miners) are programs that generate Bitcoin, Monero, Ethereum, or other cryptocurrencies that are surging in popularity. When intentionally run for one's own benefit, they may prove a valuable source of income.

However, malware authors have created threats and viruses which use commonly-available mining software to take advantage of someone else's computing resources (CPU, GPU, RAM, network bandwidth, and power), without their knowledge or consent (i.e. cryptojacking).

What are the types of coin miners?

There are many different ways to force a computer or device to mine cryptocurrency. These are the three main types of miners:

  • Executables: These are typical malicious or Potentially Unwanted Application (PUA) executable files (.exe) placed on the computer and designed to mine cryptocurrencies.

  • Browser-based Cryptocurrency Miners: These JavaScript (or similar technology) miners perform their work in an Internet browser, consuming resources for as long as the browser remains open on the website. Some miners are used intentionally by the website owner in place of running ads (e.g. Coinhive), while others have been injected into legitimate website without the website owner's knowledge or consent.

  • Advanced Fileless Miners: Malware has emerged that performs its mining work in a computer's memory by mis-using legitimate tools like PowerShell. One example is MSH.Bluwimps, which carries out additional malicious acts in addition to mining.

How do I know if my device is being used for coin mining?

Coinminers run on various platforms, including:

  • Windows

  • Mac

  • Linux

  • Android

  • Internet of Things (IoT) devices

Norton products typically raise a warning when files related to coin mining are found, to bring them to your attention; though open-source and widely-used, mining software may be Potentially Unwanted Applications (PUA).

Indications that a computer is mining include:

  • High CPU and GPU usage

  • Overheating

  • Crashes or frequent restarts

  • Slow response times

  • Unusual network activity (e.g. connections to mining-related websites or IP addresses).

Am I protected against this malware?

Norton protects you against the Coinminer malware. Run LiveUpdate to make sure that your Norton definitions are up-to-date and run full system scan.

  • Close the browser tab in which the detected URL is open. You should avoid visiting the detected website.

  • The detected potential Coinminer malware program or file should be removed from your computer. You should avoid using the program.

STEP 1

Run LiveUpdate

  1. Start Norton.

    If you see the My Norton window, next to Device Security, click Open.

  2. In the main window, double-click Security, and then click LiveUpdate.

  3. When Norton LiveUpdate is finished, click OK.

  4. Run LiveUpdate until you see the message, "Your Norton product has the latest protection updates".

  5. Exit all the programs, and restart the computer.

STEP 2

Run Full System Scan

  1. Start Norton.

    If you see the My Norton window, next to Device Security, click Open.

  2. In the main window, double-click Security, and then click Scans.

  3. In the Scans window, select Full System Scan and click Go.

  4. When the scan is finished, click Finish.

How can I exclude this website or program?

Exclusions reduce your level of protection and should be used only if you have a specific need.

If you want to access a website, file, or program blocked by Norton then do one of the following.

How can I whitelist this website or program?

If your software is currently detected by Norton as malicious and you want to report it as a false positive, see Norton incorrectly alerts that a file is infected, or a program or website is suspicious.

Thank you!

Thank you for using Norton Support.

< Back

The solution made it easy for me to handle my issue.

Yes No

Help us improve this solution.

Thank you for helping to improve this experience.

What would you like to do now?

Browse for solutions, search the Norton Community, or Contact Us.

DOCID: v125881893_EndUserProfile_en_us
Operating System: Windows
Last modified: 11/06/2018