JS:CoinHiveMiner-B & VBA:Downloader-AQD

Hi guys! My antivirus found JS:CoinHiveMiner-B and VBA:Downloader-AQD at quantum-mirror.hu while updating Parrot OS installed on VirtualBox. So I want to know why. Can you explain the presence of such things?

Can you post some of the findings for us please?

we need more details, we scan our mirrors periodically (every 2 hours) and everything seems ok

Found that in my antivirus logs:

```
|19.03.2019 20:51:27|http://quantum-mirror.hu/mirrors/pub/parrot/pool/main/b/beef-xss/beef-xss_0.4.7.1-0kali2_all.deb|>data.tar.xz|>data.tar|>.\usr\share\beef-xss\extensions\social_engineering\powershell\msoffice_docs\Document.docm.doc|>word\vbaProject.bin [L] VBA:Downloader-AQD [Trj] (0)|
|19.03.2019 20:51:28|http://quantum-mirror.hu/mirrors/pub/parrot/pool/main/b/bettercap-caplets/bettercap-caplets_0%2bgit20190303-0kali1_all.deb|>data.tar.xz|>data.tar|>.\usr\share\bettercap\caplets\crypto-miner.js [L] JS:CoinHiveMiner-B [PUP] (0)|
```

beef-xss is a pentest tool to inject javascript malware on victim browsers and control their sessions remotely

if you use a pentest distro full of pentest tools, expect your antivirus to detect false positives of dormant malware integrated into your pentest tools

parrot is not infected and the quantum-mirror is not spreading malware. moreover the repository is protected by digital signatures, and the package manager refuses to install or update packages that don’t have a valid signature from our central delivery server
