Am I crazy or does MazdaRoadster.net have an undisclosed crypto miner?
#1
Maybe it's just my computer (old i7-3xxx quad core workstation laptop), but I closed out some heavier-duty programs (SolidWorks/Mastercam and LabView if it matters) and noticed my laptop attempting to interview for a job as a wind tunnel along with really high CPU usage... If purposeful I think this is incredibly dishonest and sleazy.
miner active on homepage
after I end task corresponding to the MR.net tab
#6
Spent a little time analyzing the page. I don't think they're doing anything malicious in the background; it looks like it's just really poor-quality scripting and way too many external calls.
#15
Glad it's not just me. When you have dual 8-core Xeons and you suddenly hear your fans kick on under normal usage, something's not right.
Edit: Also just realized it's my first post here after lurking for some time. I'm getting ready to build a turbo Miata, I swear! MSPNP2 arrives tomorrow!
#16
I blame this script: https://play.pocketgolf.host/start.php
Storage my ***.
Last edited by gooflophaze; 08-23-2018 at 09:18 AM.
#18
Pretty much, yeah.
More damning - started replacing the obfuscated hex strings with barnyard animal names to see if I could actually follow the code. While I was doing that, I pasted a few of the variable names into Google to see if they were simply ASCII bytes - and ran across https://www.hybrid-analysis.com/samp...ironmentId=100 - I'd not seen this analyzer before, so I threw pocketgolf into it - and yep, it's tainted as ****. https://www.hybrid-analysis.com/samp...a3e105000e46e3
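The renaming pass described in post #18, as an added example that is not part of the thread and not any poster's code: it maps hex-style identifiers to animal names, decodes `\xNN` string escapes, and checks whether an identifier's hex digits are themselves ASCII text. The `_0x` identifier prefix, the function names and the sample script are assumptions constructed for illustration.

```javascript
// Added example. SAMPLE is constructed for illustration; it is not the script from the thread.
const ANIMALS = ['cow', 'pig', 'hen', 'goat', 'duck', 'sheep', 'horse', 'goose'];
const SAMPLE = [
  "var _0x8f2a = ['\\x6c\\x6f\\x67', '\\x68\\x69'];",
  "function _0x1b3c(_0x9d0e) { return _0x8f2a[_0x9d0e]; }",
  "console[_0x1b3c(0)](_0x1b3c(1));",
].join('\n');

// Give each distinct _0x... identifier a readable name, in order of first appearance.
// Plain text substitution: it also renames matches inside string literals.
function renameHexIdentifiers(src, names = ANIMALS) {
  const mapping = new Map();
  const out = src.replace(/\b_0x[0-9a-fA-F]+\b/g, (id) => {
    if (!mapping.has(id)) {
      const n = mapping.size;
      const round = Math.floor(n / names.length);
      mapping.set(id, names[n % names.length] + (round ? round + 1 : ''));
    }
    return mapping.get(id);
  });
  return { out, mapping };
}

// Decode \xNN escapes to printable ASCII. Quotes, backslash and backtick stay
// escaped so string literals remain valid; control bytes stay visible as \xNN.
function decodeHexEscapes(src) {
  const keepEscaped = new Set(["'", '"', '\\', '`']);
  return src.replace(/\\x([0-9a-fA-F]{2})/g, (esc, hex) => {
    const code = parseInt(hex, 16);
    const ch = String.fromCharCode(code);
    return code >= 0x20 && code <= 0x7e && !keepEscaped.has(ch) ? ch : esc;
  });
}

// Does an identifier's hex part spell ASCII text? Returns the text, or null.
function hexNameAsAscii(id) {
  const hex = id.replace(/^_0x/, '');
  if (!/^([0-9a-fA-F]{2})+$/.test(hex)) return null;
  const bytes = hex.match(/../g).map((b) => parseInt(b, 16));
  return bytes.every((b) => b >= 0x20 && b <= 0x7e) ? String.fromCharCode(...bytes) : null;
}

function readable(src) {
  return decodeHexEscapes(renameHexIdentifiers(src).out);
}

console.log(readable(SAMPLE));
```

The pass only rewrites text and never evaluates the script, so it can be run on an untrusted file saved to disk.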