What's new

[SOLVED] Malware in statcounter javascript.

zircon_st

Lead Developer
My antivirus is popping up notifications that VI's "statcounter" script has a Coinminer component attached, which is a kind of malware.
 

RCsound

Active Member
Same here, but i get no warning from my AV (Eset) until i stopped ublock origin, so ublock helps to stop this malware script.
 

Dewdman42

Senior Member
I don't know what VI's stat counter is, but if you trust the source, then don't worry about it and try to find a way to mark it as an exception. Malware detectors look for certain kinds of code patterns for what they consider to be common approaches taken by hackers to exploit security weaknesses of the language. It doesn't necessarily mean that the thing you are using in javascript is actually malware, but it may be using some kind of coding approach that is similar. But only if you absolutely trust the source of where the javascript came from.
 

MartinH.

Senior Member
I don't know what VI's stat counter is, but if you trust the source, then don't worry about it and try to find a way to mark it as an exception. Malware detectors look for certain kinds of code patterns for what they consider to be common approaches taken by hackers to exploit security weaknesses of the language. It doesn't necessarily mean that the thing you are using in javascript is actually malware, but it may be using some kind of coding approach that is similar. But only if you absolutely trust the source of where the javascript came from.
"Trusting the source" actually isn't the ideal thing to base such decisions on, because even 100% trustworthy and reputable sources can fall victim to hacks and become the unknowing distributers of malware.

@Mike Greene might want to chime in on this.


I use Eset and Adblock, but nothing pops up here.
 

Dewdman42

Senior Member
I'm just saying malware detectors look at javascript code for patterns. Just because some trusted source is using similar approaches in javascript doesn't mean its something to worry about. Or it might. It certainly warrants contacting the source and inquiring further about it. If you don't trust the source, or how you got it, then by all means get rid of it.
 

Dewdman42

Senior Member
when you said VI, are you meaning something about this website is causing your malware detector to freak?
 
OP
zircon_st

zircon_st

Lead Developer
A hit counter should barely be doing anything at all. I find it extremely unlikely that run-of-the-mill hit counter code could somehow be confused for cryptocurrency mining. I'm pretty sure it's malicious but either way it needs to be looked at ASAP. @Mike Greene ?
 

creativeforge

Barefoot Heart Music
My antivirus is popping up notifications that VI's "statcounter" script has a Coinminer component attached, which is a kind of malware.
Thank you for flagging this to us! You are right. This just happened over the week-end. I have removed the script for the moment, both from the forum and the portal, and I wrote StatCounter for further updates.

https://www.zdnet.com/article/hackers-breach-statcounter-to-hijack-bitcoin-transactions-on-gate-io-exchange/

Regards,

Andre
 
Last edited:
When is statcounter used?
I.o.w. do I unknowingly use it as a forum member, or is it a specific tool as admin?

And addition q’s:

Is it active for windows only or also on Mac’s
 

creativeforge

Barefoot Heart Music
When is statcounter used?
I.o.w. do I unknowingly use it as a forum member, or is it a specific tool as admin?

And addition q’s:

Is it active for windows only or also on Mac’s
You never use it, it is only used by the forum. The OS you are using has no incidence on this. I'm waiting another 24 hours before reinstalling it now that it's been cleaned up. No matter what, having a good antivirus or malware is important today.
 

creativeforge

Barefoot Heart Music
OK so I have restored the stat counter. Let me know if it gets flagged by your antivirus. I have the assurance from the developers that the issue has been fixed, and that extra security measures have been installed in order for this to never happen again. Hopefully that is the end of this. :)

Regards,

Andre
 
Top Bottom