I’m interested in movies and visit lots of movie sites. Recently I visited a site called YIFYTORRENTS, where I found a bitcoin miner! In this post, I write about how I found the miner and how it acts.
1-Visiting the site
I visited YIFY-Torrent.me and suddenly Firefox triggered a firewall request for an incoming connection. The site was good-looking. It has a valid certificate and uses HTTPS for the connection, so why did it ask for a firewall exception?
So I disallowed the request and continued to investigate the site.
I started to investigate the HTML source code of the site and found a bitcoin miner inside it! The picture below shows the miner code.
Further, I checked the code for the miner. It is at this link and, as shown, it is obfuscated and starts with an eval command.
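Added example (not part of the original post and not the site's code): a small Node.js heuristic for the kind of source review described above, flagging inline scripts that start with `eval` or consist of one long packed line. The function names, thresholds and sample page are assumptions made for this illustration.

```javascript
// Added example: flags inline <script> blocks that begin with eval(...) or are one
// long packed line. Thresholds and the sample page below are constructed assumptions.

const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi; // heuristic, not a full HTML parser

// Shannon entropy (bits per character), reported as a hint for the analyst.
function entropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) h -= (n / s.length) * Math.log2(n / s.length);
  return h;
}

function triageInlineScripts(html, { minLen = 200, maxLineLen = 150 } = {}) {
  const findings = [];
  let m, index = 0;
  SCRIPT_RE.lastIndex = 0;
  while ((m = SCRIPT_RE.exec(html)) !== null) {
    index++; // 1-based position of the <script> tag in the page
    const attrs = m[1], body = m[2].trim();
    if (/\bsrc\s*=/i.test(attrs) || body.length === 0) continue; // external script, nothing inline
    const reasons = [];
    if (/^[;!(\s]*eval\s*\(/.test(body)) reasons.push('starts-with-eval');
    const longest = body.split('\n').reduce((a, l) => Math.max(a, l.length), 0);
    if (body.length >= minLen && longest >= maxLineLen) reasons.push('single-long-line');
    if (reasons.length > 0) {
      findings.push({ index, length: body.length, entropy: Number(entropy(body).toFixed(2)), reasons });
    }
  }
  return findings;
}

// Constructed sample: a harmless base64 filler wrapped in eval(), standing in for packed code.
const PACKED = 'eval(atob("' + 'QUJD'.repeat(80) + '"));';
const SAMPLE_HTML = [
  '<html><head>',
  '<script src="https://example.com/app.js"></script>',
  '<script>var year = new Date().getFullYear();</script>',
  '<script> ' + PACKED + ' </script>',
  '</head><body></body></html>',
].join('\n');

console.log(triageInlineScripts(SAMPLE_HTML));
```

A hit is only a reason to look closer: legitimate minified code can also be one long line, so the reasons are reported separately rather than as a verdict.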
Checking with Addons
I also checked the site with the NoCoin add-on for Firefox and fortunately it could detect the miner.
I checked the site on 11 Mar 2018 and am writing this post on 18 Mar 2018. Luckily, COMODO has detected and blocked the site.