My scan has identified ny1.xmrminingproxy.com as a threat.
I'd like to understand the nature of the threat and why this has suddenly become a problem, I've never seen reported it before today..
You're most welcome, glad we could help.
SA
Thanks for your explanation. I ran a full scan but it did not disclose any threat eliminated. However, the smart scan stopped announcing that it had deflected the attempt by the hackers to connect with my device.
I now understand the nature of the threat and how effictive Norton 360 is.
David0
If you do not currently or have mined in the past, the alert to this threat is, it poses the threat of CPU high jacking to make money:
This activity is generally attributed to certain financially motivated hacking groups, most notably TeamTNT, that perform large-scale attacks against vulnerable Docker Hubs, AWS, Redis, and Kubernetes deployments.
The threat actors load modified OS images containing XMRig, a miner for Monero (XMR), which is a privacy-oriented hard-to-trace cryptocurrency, and currently the most profitable CPU-based mining.
The mining programs use the hacked device's CPUs, so the threat actor generates income by hijacking hardware.
Compared to ransomware, rogue crypto mining is a lower-risk activity for the attacker, much less likely to attract law enforcement attention.
https://www.bleepingcomputer.com/news/security/cryptominers-hijack-53-worth-of-system-resources-to-earn-1/
Websites that do not monitor their base code on a regular basis sometimes unknowingly allow this code to be present on their sites. When a visitor browses there it attempts to run on the system with the privileges the user has. Norton blocked this attempt for you, it should be considered no further action required if there isn't any indication this is persisting. If persistence is the remaining issue, use Malwarebytes as Guru bjm_ suggested for a secondary scan and more peace of mind.
SA
14/95 security vendors flagged this URL as malicious
https://ny1.xmrminingproxy.com/
ny1.xmrminingproxy.comhttps://www.virustotal.com/gui/url/151ddf6053cd
13/95 security vendors flagged this URL as malicious
https://xmrminingproxy.com/
xmrminingproxy.comDid you recently install any program or browser extension?
Did you recently change site permissions?
Did you recently allow push notifications?
David0:
My scan has identified ny1.xmrminingproxy.com as a threat.
meaning = Norton QuickScan?
sounds like cryptocurrency miner = xmr mining
Monero (XMR) is an interesting cryptocurrency that sits at the very heart and ethos of what a truly decentralized, trustless, and private cryptocurrency is meant to be. It is the largest privacy coin in the industry and one of the most popular coins for miners, but, can you still make money mining Monero in 2024?
https://www.coinbureau.com/education/mining-monero/
fwiw ~
- https://www.malwarebytes.com/blog/detections/trojan-monero
- https://malwaretips.com/blogs/remove-xmr-2miners-com/
- https://malwaretips.com/blogs/trojan-js-coinminer-xmr/
David0:
My scan has identified ny1.xmrminingproxy.com as a threat.
meaning = Norton QuickScan?
Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Browser Guard
Website blocked due to trojan
Website Blocked: ny1.xmrminingproxy.com
v2.6.27 | Trojan: 2.0.202406231136
Malwarebytes Browser Guard blocked this page because it may contain malicious activity.Malwarebytes Browser Guard
Website blocked due to trojan
Website Blocked: xmrminingproxy.com
v2.6.27 | Trojan: 2.0.202406231136
Malwarebytes Browser Guard blocked this page because it may contain malicious activity.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ny1.xmrminingproxy.com
URL Analysed: ny1.xmrminingproxy.com
NORTON RATING Caution
CURRENT CATEGORY Technology/Internet
Potentially Unwanted Softwarehttps://safeweb.norton.com/report?url=ny1.xmrminingproxy.com
ny1.xmrminingproxy.com
URL Analysed: xmrminingproxy.com
NORTON RATING Caution
CURRENT CATEGORY Technology/Internet
Potentially Unwanted Software
https://safeweb.norton.com/report?url=xmrminingproxy.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please run Norton Full Scan & Malwarebytes Threat Scan.
Were my machine and I wanted reassurance.
I'd ask Malwarebytes Malware Removal Help Forums to check my machine.
Malwarebytes offers free second opinion on-demand scanner.
Malwarebytes offers free self-help guides.
Malwarebytes offers free one-on-one malware removal assistance.
Malwarebytes staff & experts help all. Malwarebytes subscription is not required.
- How to install and run a scan with Malwarebytes
https://malwaretips.com/blogs/run-a-scan-with-malwarebytes/ - Malware Removal Self-Help Guides
https://forums.malwarebytes.com/forum/39-malware-removal-self-help-guides/ - Malwarebytes Malware Removal Help Forums
https://forums.malwarebytes.com/forum/108-malware-removal-help/
Malware Removal Help Forums dedicated to cleaning infected devices. Get personalized help removing adware, malware, spyware, ransomware, trojans, viruses and more from tech experts. Follow the instructions in the pinned topics first. All assistance here is used at your own risk and we take no responsibility should there be damage to the system in question.