Troubleshoot Yandex browser (Russian 18.6.1.772) containing Coinminer?

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Briefly explain your current issue(s)
Browser containing coinminer
Steps taken to resolve, but have been unsuccessful
nothing

Evjl's Rain

There are many cloud features, which can be disabled, like suggestions, translate, quick answers, etc.


You can say that again, they switched from Google to Sophos. It is a miracle, if it actually reports anything.


Protected Mode is a nice feature, it disables all extensions (except password) on bank webpages, so malicious extensions stand no chance.
I still don't trust it. A member here had his banking data leaked while he was using Yandex. Since he switched to another browser, he hasn't reported anything.
I noticed that the Yandex IPs that the browser frequently sends data to are abused by malware, with the detection rate on VT varying between 20 and 55/60.
 

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,685
> I noticed that the Yandex IPs that the browser frequently sends data to are abused by malware, with the detection rate on VT varying between 20 and 55/60.

Yandex's IPs and products are falsely reported as malware, because they are Russian. People do know, how to uninstall them, so they report them.
Pretty much anything that is Russian has problems. I cannot even use my mail.ru for some services, since it is blocked, even by my employer. :ROFLMAO:

I have tried looking for an alternative, but nothing comes even close in terms of speed and security, only Firefox Quantum, but very limited.
 

Evjl's Rain

> Yandex's IPs and products are falsely reported as malware, because they are Russian. People do know, how to uninstall them, so they report them.

I don't know.
However, Yandex sends data to this IP: 5.45.205.231 (Yandex CDN).
This malware, with a detection rate of 61/68, also connects to the same IP.
Same for this one: 60/68.
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
Protect: keeping you safe online - Yandex.Browser

Protect: secure DNS requests (this is similar to what Firefox is trying to implement, I use a different DNS within the browser and within the OS)
You can already set Firefox to run the DNS of your choice, but are they going to implement an actual list to choose from?

Anyway, I switched from Yandex DNS back to Neustar business protection DNS now...

Yandex family security wasn't blocking Finnish sites at all, but I think they mainly focus on Russian sites and the most common English ones.
 

TairikuOkami

> however, Yandex sends data to this IP: 5.45.205.231 (yandex cdn)
Yandex sends data to Yandex, Chrome to Google, Windows to Microsoft, it is normal, not welcomed, but considered normal.

> this malware with the detection rate of 61/68 also connects to the same IP
It is Yandex CDN, the file is most likely stored on Yandex's cloud storage, so it uses the same IP, like:
Code:
https://download.cdn.yandex.net/support/ru/music/files/eps_button_main.eps
You would not say that Google is spreading malware just because it is stored on someone's Google Drive.

> You can already set Firefox to run the DNS of your choice, but are they going to implement an actual list to choose from?
I have tried that, but it did not work, probably because FF uses TCP only and I was never able to get TCP (DNS) working, only UDP.
 

Moonhorse

Well, the download size is bigger on the Russian version also; I don't know how much it matters when the browser gets updated.
 

Snickers102

Level 1
Verified
Jul 5, 2018
46
The new Yandex AI assistant provides human-like responses showcasing its superior Russian language skills, a distinct personality with a sense of humor, and an ability to understand incomplete phrases and questions. Unlike major voice assistants that are limited to predefined scenarios, it integrates the ability to carry free-flowing “chit-chat” conversations with users that can surprise and delight them

Too bad I don't speak Russian, we could have some fun with Alice ( ͡° ͜ʖ ͡°) :LOL:

Who needs other humans anyway
 

ForgottenSeer 69673

I use Yandex on my smart phone and like it. I never bank or log into any sites with my smart phone.
 

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Sounds/looks to me that @Snickers102's test says it all IMO, and for example the VT link is now 0/65 engines. I also took a quick peek at the user sns_amigo on VT and his/her reported links, and that seems not conclusive, as the first link shows a possibility of 0,25% Coinminer and the other is an article from Eset about Monero mining that doesn't even mention Yandex at all.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
> I use Yandex on my smart phone and like it. I never bank or log into any sites with my smart phone.

I also use Yandex on smartphone. I like the clean interface. For banking on smartphone, I don't use a browser, I use the dedicated app from my bank.
 

Snickers102

> I also use Yandex on smartphone. I like the clean interface. For banking on smartphone, I don't use a browser, I use the dedicated app from my bank.

Banking on your smartphone, you're just looking for trouble :D

PCs with cracks and activators and even old keygens (when they still worked) is one thing, u can test them in VM etc. but smartphone is another thing
 

shmu26

> Banking on your smartphone, you're just looking for trouble :D
>
> PCs with cracks and activators and even old keygens (when they still worked) is one thing, u can test them in VM etc. but smartphone is another thing

So how do you deposit a check? You go down to the branch?
 

shmu26

I have no idea what that means :ROFLMAO:
Okay, so checks are too old-fashioned for you, huh?
But anyways, I would be much obliged if you and anyone else could link me to a good article or two about the security risks of using a dedicated banking app on mobile. With my particular app, it does voice recognition, so you don't even need to enter a password. I am under the impression that it is pretty secure. And I do it at home, over my own router.
 