Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Coinhive JavaScript Miner Detection
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This script reports if a web page of the remote host contains code from the Coinhive JavaScript Miner.
Insight
Insight
While the Coinhive JavaScript Miner might be deployed legitimately, it is often used by attackers for malicious purposes to consume unauthorized resources of a client browsing a web site. This script reports results of rudimentary checks for the following strings embedded into any web page of the remote host: - CoinHive.Anonymous - CoinHive.User - CoinHive.Token NOTE: There are various obfuscation technologies available to hide such JavaScript from the scanner, thus the mentioned 'rudimentary checks' above. NOTE2: No vulnerability is reported if the Coinhive JavaScript is loaded from the authedmine.com domain. This JavaScript code only run after an explicit opt-in / agreement from the user.
Solution
Solution
Inspect all reported web pages / URLs if the Coinhive JavaScript Miner was deployed legitimately and remove it if not.