Troubleshoot Yandex browser (Russian 18.6.1.772) containing Coinminer?

Evjl's Rain

Briefly explain your current issue(s): Browser containing coinminer
Steps taken to resolve, but have been unsuccessful: nothing

Evjl's Rain

> Have you tried using Process Explorer / Hacker to check if your CPU is getting unusually high usage from the browser? That's how a coin miner works, right?
I don't use Yandex. I was just bored and looking around and I found the info.
I can't verify it.
 

TairikuOkami

> Here is the link for the Russian version 18.6.1.772.
> I noticed the hash is different from the file's hash reported in VT and hybrid-analysis.
That link is for 18.6.1.770.

> It seems legit. Not sure if this is a modified version or the official one.
The latest version is 18.6.1.770 made on July 7th, that 18.6.1.772 version was made on July 6th (beta is 18.7.0.2241).
 

Evjl's Rain

> That link is for 18.6.1.770.
> The latest version is 18.6.1.770 made on July 7th, that 18.6.1.772 version was made on July 6th (beta is 18.7.0.2241).
The English version is 18.6.1.770.
The Russian version is 18.6.1.772.

Here is the screenshot; my link was correct. The Russian version is problematic. Not sure about the English one.
Capture.PNG
 

Moonhorse

> Have you tried using Process Explorer / Hacker to check if your CPU is getting unusually high usage from the browser? That's how a coin miner works, right?
If it were a stable release, why would they allow CPU to go that high? If they wanted to mine, as they're closed source, they could do it with minimal hash, without people using their browser noticing anything.

I'm using Yandex DNS, maybe I'm part of their botnet also.
 

Evjl's Rain


Attachment: Capture.PNG

TairikuOkami

OK, installed 772, it still shows it as 770, I guess they use it to differentiate between EN/RU.
Anyway, it installed Yandex's Cortana (rofl), maybe that has triggered that coinminer alert?
 

Attachments: capture_07222018_183215.jpg, capture_07222018_183257.jpg

Snickers102

I took it for a spin, browsing pages for about 10 mins. Seems clean: CPU usage is low, stays at 0.xx% when not doing anything, going to about 5-10% max when loading pages, as expected. What btw surprises me is just how fast it is; it's very slightly faster than Chrome, but that's probably because I have like 10 extensions on Chrome and a few hundred tabs open compared to 5 tabs on Yandex and no extensions. Even then the speed difference is very small but noticeable, not in the sense that there's a noticeable difference, but in the sense that I can see it, although 98% of people wouldn't notice it because even for me it's very subtle. But it does feel fast when you get used to the difference after a few minutes, even though at first it may seem the same. It's like the difference between 10 and 15-20 ping in games: both are low but one is just slightly lower; 99% of people wouldn't notice it.

@Evjl's Rain what features does this browser have compared to chrome?
 

Evjl's Rain

> I took it for a spin, browsing pages for about 10 mins. Seems clean: CPU usage is low, stays at 0.xx% when not doing anything, going to about 5-10% max when loading pages, as expected. What btw surprises me is just how fast it is; it's very slightly faster than Chrome, but that's probably because I have like 10 extensions on Chrome and a few hundred tabs open compared to 5 tabs on Yandex and no extensions. Even then the speed difference is very small but noticeable, not in the sense that there's a noticeable difference, but in the sense that I can see it, although 98% of people wouldn't notice it because even for me it's very subtle. But it does feel fast when you get used to the difference after a few minutes, even though at first it may seem the same. It's like the difference between 10 and 15-20 ping in games: both are low but one is just slightly lower; 99% of people wouldn't notice it.
>
> @Evjl's Rain what features does this browser have compared to chrome?
I used it for a short period of time, then I ditched it because I couldn't sideload the extensions I want.
It has banking protection, a built-in DNS changer, ...

I don't need most of its features.
I think this browser is a lot worse than Chrome in terms of privacy.
I frequently send data to Yandex's IPs.

Moreover, the URL protection is a lot worse than Google Safe Browsing.

I doubt the banking protection might compromise our banking information.

EDIT: this browser is weird. When you plug your USB in, it shows a popup about something.
In other words, it monitors what you are doing on your computer.
 

TairikuOkami

> I frequently send data to Yandex's IPs.
There are many cloud features, which can be disabled, like suggestions, translate, quick answers, etc.

> Moreover, the URL protection is a lot worse than Google Safe Browsing.
You can say that again; they switched from Google to Sophos. It is a miracle if it actually reports anything.

> I doubt the banking protection might compromise our banking information.
Protected Mode is a nice feature: it disables all extensions (except password) on bank webpages, so malicious extensions stand no chance.
 

Evjl's Rain

I mean it's Russian :ROFLMAO:
Also, I think it would trigger the coinminer when the PC is idle or something like that.
When we are actively browsing or opening Task Manager, we won't notice anything.

Just be aware of this browser.
The respectable malware hunter said it contains a miner, so it should have something malicious.
 
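The thread's suggested check (watch the browser's CPU in Process Explorer / Process Hacker) and the worry that a miner only kicks in while the PC is idle can be combined into one detection rule: compare a process's CPU during idle periods against its CPU while you are actively browsing. The script below is an added example, not code from the thread or from Yandex; it assumes a constructed CSV export with a hypothetical `user_idle` column (1 = no keyboard/mouse input for a while) and constructed sample values.

```python
"""Flag processes whose CPU use while the user is idle is far above their
CPU use while the user is active, the idle-only miner pattern discussed
in the thread. Added example with constructed input, not from the thread."""
import csv
import io
from statistics import median

# Constructed sample log (hypothetical format): time, process, CPU %, user_idle.
# A normal browser idles near 0%; the browser rows below mimic a payload that
# pegs a core once the user walks away.
SAMPLE_LOG = """\
time,process,cpu,user_idle
10:00:00,browser.exe,4.2,0
10:00:30,browser.exe,6.8,0
10:01:00,browser.exe,0.3,0
10:01:30,browser.exe,5.1,0
10:10:00,browser.exe,91.7,1
10:10:30,browser.exe,88.4,1
10:11:00,browser.exe,93.0,1
10:11:30,browser.exe,89.9,1
10:00:00,editor.exe,1.0,0
10:10:00,editor.exe,0.4,1
"""


def parse_samples(text):
    """Group CPU readings by process name, split into idle and active buckets."""
    per_proc = {}
    for row in csv.DictReader(io.StringIO(text)):
        bucket = per_proc.setdefault(row["process"], {"idle": [], "active": []})
        key = "idle" if row["user_idle"] == "1" else "active"
        bucket[key].append(float(row["cpu"]))
    return per_proc


def flag_idle_burners(per_proc, idle_threshold=50.0, ratio=5.0, min_samples=3):
    """Return {process: (median_idle_cpu, median_active_cpu)} for processes
    whose idle CPU is both high in absolute terms and many times their active
    CPU. Medians resist one-off spikes such as a page load or an update.
    Processes with too few idle samples are skipped rather than guessed at."""
    flagged = {}
    for name, b in per_proc.items():
        if len(b["idle"]) < min_samples or not b["active"]:
            continue
        idle_med, active_med = median(b["idle"]), median(b["active"])
        if idle_med >= idle_threshold and idle_med >= ratio * max(active_med, 0.1):
            flagged[name] = (idle_med, active_med)
    return flagged


if __name__ == "__main__":
    for name, (idle, active) in flag_idle_burners(parse_samples(SAMPLE_LOG)).items():
        print(f"{name}: median idle CPU {idle:.1f}% vs active {active:.1f}%")
```

The idle flag is the important part: a single Task Manager glance while you are at the keyboard, which is what the thread notes, cannot distinguish this pattern from a quiet browser.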
