Troubleshoot Yandex browser (Russian 18.6.1.772) containing Coinminer?

[Evjl's Rain]

Briefly explain your current issue(s)

Browser containing coinminer

Steps taken to resolve, but have been unsuccessful

nothing

I found this information

Antivirus scan for 43ba23cf5e2457a27ba980cf92f20ab8659afd21d80c162ab7a0aec68de562f8 at 2018-07-20 10:16:44 UTC - VirusTotal
Intezer Analyze
https://www.hybrid-analysis.com/sam...d21d80c162ab7a0aec68de562f8?environmentId=100

There is a comment from a trusted member (sns_amigo) who said this yandex installer contained a coinminer

it seems legit. Not sure if this is a modified version or the official one

 

[TairikuOkami]

The respectable malware hunter said it contains a miner so it should have something malicious

I hope not, since there is no alternative for me. It would be funny though, since Yandex's own adblocker (Antishock) blocks coinminers.

 

[Evjl's Rain]

There are many cloud features, which can be disabled, like suggestions, translate, quick answers, etc.


You can say that again, they switched from Google to Sophos. It is a miracle, if it actually reports anything.


Protected Mode is a nice feature, it disables all extensions (except password) on bank webpages, so malicious extensions stand no chance.

I still don't trust it. A member here had his banking data leaked while he was using Yandex. Since he switched to other browser, he hasn't reported anything
I noticed, the yandex's IPs that the browsing frequently sends data to are abused by malwares with the detection rate from VT varies between 20 to 55/60

 

[Snickers102]

I hope not, since there is no alternative for me

How so?

 

[TairikuOkami]

I noticed, the yandex's IPs that the browsing frequently sends data to are abused by malwares with the detection rate from VT varies between 20 to 55/60

Yandex's IPs and products are falsely reported as malware, because they are Russian. People do know, how to uninstall them, so they report them.
Pretty much anything that is Russian has problems. I can not even use my mail.ru for some services, since it is blocked, even by my employer.

How so?

I have tried looking for an alternative, but nothing comes even close in terms of speed and security, only Firefox Quantum, but very limited.

 

[Evjl's Rain]

Yandex's IPs and products are falsely reported as malware, because they are Russian. People do know, how to uninstall them, so they report them.

I don't know
however, Yandex sends data to this IP: 5.45.205.231 (yandex cdn)
this malware with the detection rate of 61/68 also connects to the same IP
same for this one: 60/68

 

[Snickers102]

I have tried looking for an alternative, but nothing comes even close in terms of speed and security, only Firefox Quantum, but very limited.

Could you expand on this statement?

 

[Moonhorse]

Protect: keeping you safe online - Yandex.Browser

Protect: secure DNS requests (this similar to what Firefox is trying to implement, I use a different DNS within the browser and within the OS)

You can already set firefox run dns of your choise, but they are going to implement actual list where to choose from?

Anyways i switched from yandex dns back to neustar business protection dns now...

Yandex family security werent blocking finnish sites at all, but i think they mainly focus on russian sites and most common english ones

 

[Snickers102]

I must be the only person in the world using my ISP or my VPN's default dns, what's so bad with this? It's certainly faster for one

 

[TairikuOkami]

however, Yandex sends data to this IP: 5.45.205.231 (yandex cdn)

Yandex sends data to Yandex, Chrome to Google, Windows to Microsoft, it is normal, not welcomed, but considered normal.

this malware with the detection rate of 61/68 also connects to the same IP

It is Yandex CDN, the file is most likely stored on Yandex's cloud storage, so it uses the same IP, like:

https://download.cdn.yandex.net/support/ru/music/files/eps_button_main.eps

You would not say, that Google is spreading malware, just because it is stored on someone's Google Drive.

You can already set firefox run dns of your choise, but they are going to implement actual list where to choose from?

I have tried that, but it did not work, probably because FF uses TCP only and I was never able to get TCP (DNS) working, only UDP.

 

[Moonhorse]

Well the download size is bigger on

russian version also, i dont know how much does it matter when browser gets updated

 

[Snickers102]

Well the download size is bigger on

russian version also, i dont know how much does it matter when browser gets updated

This 300 kb is the russian translation, duh

(Or perhaps cuz it's newer version?)

 

[TairikuOkami]

Well the download size is bigger on russian version also

That is probably just Alice. When you want to download her, it downloads Yandex.exe, so they are most likely merged now.

Голосовой помощник для Windows.

Yandex — Company news — Yandex Launches Alice - The First AI Assistant Designed For The Russian Market

 

[Snickers102]

The new Yandex AI assistant provides human-like responses showcasing its superior Russian language skills, a distinct personality with a sense of humor, and an ability to understand incomplete phrases and questions. Unlike major voice assistants that are limited to predefined scenarios, it integrates the ability to carry free-flowing “chit-chat” conversations with users that can surprise and delight them

Too bad I don't speak Russian, we could have some fun with Alice ( ͡° ͜ʖ ͡°)

Who needs other humans anyway

 

[ForgottenSeer 69673]

I use Yandex on my smart phone and like it. I never bank or log into any sites with my smart phone.

 

[upnorth]

Sounds/looks to me that @Snickers102 test says it all IMO and for example the VT link is now 0/65 engines. I also took a quick peek at the user sns_amigo on VT and his/her reported links and that seams not conclusive as the first link shows a possibility of 0,25% Coinminer and the other is a article from Eset about Monero mining that doesn't even mention Yandex at all.

 

[shmu26]

I use Yandex on my smart phone and like it. I never bank or log into any sites with my smart phone.

I also use Yandex on smartphone. I like the clean interface. For banking on smartphone, I don't use a browser, I use the dedicated app from my bank.

 

[Snickers102]

I also use Yandex on smartphone. I like the clean interface. For banking on smartphone, I don't use a browser, I use the dedicated app from my bank.

Banking on your smartphone, you're just looking for trouble

PCs with cracks and activators and even old keygens (when they still worked) is one thing, u can test them in VM etc. but smartphone is another thing

 

[shmu26]

Banking on your smartphone, you're just looking for trouble

PCs with cracks and activators and even old keygens (when they still worked) is one thing, u can test them in VM etc. but smartphone is another thing

So how do you deposit a check? You go down to the branch?

 

[Snickers102]

So how do you deposit a check? You go down to the branch?

I have no idea what that means

 

[shmu26]

I have no idea what that means

Okay, so checks are too old-fashioned for you, huh?
But anyways, I would be much obliged if you and anyone else could link me to a good article or two about the security risks of using a dedicated banking app on mobile. With my particular app, it does voice recognition, so you don't even need to enter a password. I am under the impression that it is pretty secure. And I do it at home, over my own router.