Problem Yandex browser (Russian 18.6.1.772) containing Coinminer?

Operating system: Windows
OS type: 32-bit OS
List of current issues: Browser containing coinminer
Steps taken, but unsuccessful? nothing

Evjl's Rain

Level 37
Content Creator
Trusted
AV-Tester
Joined
Apr 18, 2016
Messages
2,631
OS
Windows 8.1
Antivirus
Avast
#1
Joined
Jul 5, 2018
Messages
52
#2
Have you tried using Process Explorer / Hacker to check if your CPU is getting unusually high usage from the browser? That's how a coin miner works, right?

Evjl's Rain

#3
> Have you tried using Process Explorer / Hacker to check if your CPU is getting unusually high usage from the browser? That's how a coin miner works, right?

I don't use Yandex. I was just bored and looking around, and I found the info.
I can't verify it.

TairikuOkami

Level 15
Content Creator
Joined
May 13, 2017
Messages
740
OS
Windows 10
#6
> here is the link of version Russian 18.6.1.772
> I noticed the hash is different from the file's hash reported in VT and hybrid-analysis

That link is for 18.6.1.770.

> it seems legit. Not sure if this is a modified version or the official one

The latest version is 18.6.1.770, made on July 7th; that 18.6.1.772 version was made on July 6th (beta is 18.7.0.2241).

Evjl's Rain

#7
> That link is for 18.6.1.770.
>
> The latest version is 18.6.1.770, made on July 7th; that 18.6.1.772 version was made on July 6th (beta is 18.7.0.2241).

The English version is 18.6.1.770.
The Russian version is 18.6.1.772.

Here is the screenshot; my link was correct. The Russian version is problematic. Not sure about the English one.
Capture.PNG
Joined
May 29, 2018
Messages
590
OS
Windows 10
Antivirus
Microsoft
#10
> Have you tried using Process Explorer / Hacker to check if your CPU is getting unusually high usage from the browser? That's how a coin miner works, right?

If it is a stable release, why would they allow the CPU to go that high? If they want to mine, as they're closed source, they can do it with minimal hash, without people using their browser noticing anything.

I'm using Yandex DNS, maybe I'm part of their botnet also.

Evjl's Rain

#11

Joined
Jul 5, 2018
Messages
52
#15
I took it for a spin, browsing pages for about 10 mins, seems clean, CPU usage is low, stays at 0.xx% when not doing anything, going to about 5-10% max when loading pages, as expected, which btw surprises me just how fast it is, it's very slightly faster than Chrome, but that's probably because I have like 10 extensions on Chrome and a few hundred tabs open compared to 5 tabs on Yandex and no extensions, even then the speed difference is very small but noticeable, not in the sense that there's a noticeable difference, but in the sense that I can see it, although 98% of people wouldn't notice it cuz even for me it's very subtle, but it does feel fast when you get used to the difference after a few minutes, even though at first it may seem like the same, it's like the difference between 10 and 15-20 ping in games, both are low but one is just slightly lower, 99% of people wouldn't notice it.

@Evjl's Rain what features does this browser have compared to Chrome?

Evjl's Rain

#17
> I took it for a spin, browsing pages for about 10 mins, seems clean, CPU usage is low, stays at 0.xx% when not doing anything, going to about 5-10% max when loading pages, as expected, which btw surprises me just how fast it is, it's very slightly faster than Chrome, but that's probably because I have like 10 extensions on Chrome and a few hundred tabs open compared to 5 tabs on Yandex and no extensions, even then the speed difference is very small but noticeable, not in the sense that there's a noticeable difference, but in the sense that I can see it, although 98% of people wouldn't notice it cuz even for me it's very subtle, but it does feel fast when you get used to the difference after a few minutes, even though at first it may seem like the same, it's like the difference between 10 and 15-20 ping in games, both are low but one is just slightly lower, 99% of people wouldn't notice it.
>
> @Evjl's Rain what features does this browser have compared to Chrome?

I used it for a short period of time, then I ditched it because I couldn't sideload the extensions I want.
It has banking protection, built-in DNS changer,...

I don't need most of its features.
I think this browser is a lot worse than Chrome in terms of privacy.
I frequently send data to Yandex's IPs.

Moreover, the URL protection is a lot worse than Google Safe Browsing.

I doubt the banking protection might compromise our banking information.

EDIT: this browser is weird. When you plug your USB in, it would show a popup about something.
In other words, it monitors what you are doing on your computer.

TairikuOkami

#19
> I frequently send data to Yandex's IPs.

There are many cloud features, which can be disabled, like suggestions, translate, quick answers, etc.

> Moreover, the URL protection is a lot worse than Google Safe Browsing.

You can say that again, they switched from Google to Sophos. It is a miracle, if it actually reports anything.

> I doubt the banking protection might compromise our banking information.

Protected Mode is a nice feature, it disables all extensions (except password) on bank webpages, so malicious extensions stand no chance.

Evjl's Rain

#20
Also, I think it would trigger the coinminer when the PC is idle or something like that.
When we are actively browsing or opening Task Manager, we won't notice anything.

Just be aware of this browser.
The respectable malware hunter said it contains a miner, so it should have something malicious.
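
Added example, not part of the thread: the last post's point is that watching Task Manager while using the PC would miss load that only appears when the machine is idle, so CPU has to be logged unattended and compared between the two states. The log format, process names and thresholds below are assumptions, and the sample lines are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample log (not from the thread). Assumed columns, written by
# whatever sampler runs unattended: timestamp, seconds since the last keyboard
# or mouse input, process name, CPU percent.
SAMPLE_LOG = """\
time,idle_s,process,cpu
12:00:00,2,browser.exe,6.0
12:00:00,2,indexer.exe,1.0
12:01:00,5,browser.exe,9.5
12:01:00,5,indexer.exe,0.5
12:10:00,420,browser.exe,0.4
12:10:00,420,indexer.exe,35.0
12:20:00,1020,browser.exe,78.0
12:20:00,1020,indexer.exe,0.3
12:30:00,1620,browser.exe,81.5
12:30:00,1620,indexer.exe,0.2
12:40:00,2220,browser.exe,80.2
12:40:00,2220,indexer.exe,0.4
12:41:00,3,browser.exe,4.0
12:41:00,3,indexer.exe,0.6
"""

def idle_only_load(log_text, idle_after_s=300, high_cpu=50.0, min_idle_samples=3):
    """Return {process: (active_avg, idle_median)} for processes that are quiet
    while the user is present but sustain high CPU once the machine is idle."""
    active, idle = defaultdict(list), defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        bucket = idle if int(row["idle_s"]) >= idle_after_s else active
        bucket[row["process"]].append(float(row["cpu"]))
    flagged = {}
    for proc, idle_vals in idle.items():
        act_vals = active.get(proc)
        if not act_vals or len(idle_vals) < min_idle_samples:
            continue  # need both states observed, and enough idle samples
        sustained = sorted(idle_vals)[len(idle_vals) // 2]  # median ignores one-off spikes
        act_avg = sum(act_vals) / len(act_vals)
        if sustained >= high_cpu and act_avg < high_cpu / 2:
            flagged[proc] = (round(act_avg, 1), round(sustained, 1))
    return flagged

if __name__ == "__main__":
    for proc, (act, idl) in idle_only_load(SAMPLE_LOG).items():
        print(f"{proc}: {act}% while in use, {idl}% median when idle")
```

A flag here only says the process behaves differently when nobody is at the keyboard; legitimate background work such as updates or indexing can look the same, so it is a reason to inspect the process further rather than a verdict.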