Reporter
Administrator
Skial | Crypto mining Its Users
Detecting unwarranted `.js` code in the background is easy with [Sophos Home](https://home.sophos.com/), especially when its hidden in your favorite TF2 server(s) — Upon connection, a friend of mine discovered that the popular server chain "Skial" is responsible for utilizing a discrete JavaScript mining utility on all its active users called "[CoinHive](https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/)" through background advertisements.
For the people who are unaware of what CoinHive is:
CoinHive is an active malicious mining utility that websites use to harness the processing power of their victors CPU's for profit.
[https://media.discordapp.net/attach...8516600905779/872863534147592293/unknown.png)
[Upon joining the server with no active background TL data on a clean machine.](https://preview.redd.it/ljiaor2i8kf71.png?width=1223&format=png&auto=webp&s=ac75f0efadcdaefaf1a41c002c82b95451643050)
**Server**: [`91.216.250.32:27015`](https://91.216.250.32:27015)
**Name**: `Bottiger's Idle 24/7 Trade Skial Server`
PS:
If you check the ad-value, the running activity comes from their IP range as well, so them attempting to worm their way out of saying it was from another process is absurd and simply denial. 👍
[Response from the friend in question \/ visitor.](https://preview.redd.it/ulr88epg8kf71.png?width=1469&format=png&auto=webp&s=9e5a4be682b47079e8f0f92de158badc744fd72d)
Author: CBaseEntity
http://www.reddit.com/r/tf2/comments/oyl4ha/skial_crypto_mining_its_users/
Detecting unwarranted `.js` code in the background is easy with [Sophos Home](https://home.sophos.com/), especially when its hidden in your favorite TF2 server(s) — Upon connection, a friend of mine discovered that the popular server chain "Skial" is responsible for utilizing a discrete JavaScript mining utility on all its active users called "[CoinHive](https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/)" through background advertisements.
For the people who are unaware of what CoinHive is:
CoinHive is an active malicious mining utility that websites use to harness the processing power of their victors CPU's for profit.
[https://media.discordapp.net/attach...8516600905779/872863534147592293/unknown.png)
[Upon joining the server with no active background TL data on a clean machine.](https://preview.redd.it/ljiaor2i8kf71.png?width=1223&format=png&auto=webp&s=ac75f0efadcdaefaf1a41c002c82b95451643050)
**Server**: [`91.216.250.32:27015`](https://91.216.250.32:27015)
**Name**: `Bottiger's Idle 24/7 Trade Skial Server`
PS:
If you check the ad-value, the running activity comes from their IP range as well, so them attempting to worm their way out of saying it was from another process is absurd and simply denial. 👍
[Response from the friend in question \/ visitor.](https://preview.redd.it/ulr88epg8kf71.png?width=1469&format=png&auto=webp&s=9e5a4be682b47079e8f0f92de158badc744fd72d)
Author: CBaseEntity
http://www.reddit.com/r/tf2/comments/oyl4ha/skial_crypto_mining_its_users/