Malicious cryptocurrency miner embedded in Journal website downloaded to PC by Zotero Extension

edited November 27, 2017
I was backing up my library when Windows Defender detected and prevented a trojan named brocoiner, which was contained inside a script within a downloaded html webpage file, from being copied from the zotero storage directory to the backup location.

Unfortunately it didn't detect the html containing the virus script when I initially downloaded it. It appears that, before I navigated to the page with the PDF download link, I clicked the connector and it instead downloaded the webpage (.html file containing the virus script).

It doesn't run autonomously as pointed out in adasmith's post below (whew!) but in any case, please take care when downloading via the browser connector just like one would through any other mechanism, even from legitimate journal websites.

[Edit: thanks for merging the double post, it double posted when I tried to edit a clarification into the OP]
Sign In or Register to comment.