Trojan:Win32/CoinMiner.C!rfn
Apparently, Windows Defender Antivirus has detected the Trojan:Win32/CoinMiner.C!rfn in the following file path C:\Users\***\Zotero\storage\8LILIY9S\counter.js
This has - to my knowledge - not come up at the other computers that I use.
How can I identify the associated entry in Zotero?
I found it. It's the following.
Raza, Sheeraz. ‘Global Value: Does the Cape Ratio Work Globally?’ ValueWalk (blog), 20 March 2014. https://www.valuewalk.com/2014/03/global-value-meb-faber/.
This has - to my knowledge - not come up at the other computers that I use.
How can I identify the associated entry in Zotero?
I found it. It's the following.
Raza, Sheeraz. ‘Global Value: Does the Cape Ratio Work Globally?’ ValueWalk (blog), 20 March 2014. https://www.valuewalk.com/2014/03/global-value-meb-faber/.
How is it possible that by saving a blog post I might get a malacious JS-Script on my computers? Or could it be a false positive? Anyway, I would like to understand better how JS-Scripts can be saved to my HDD with the Zotero FF connector and how they might be malicious. Thanks in advance for sharing your insight.
It's unlikely to be much of a threat — in this case, it's a cryptocurrency miner that uses your computer's processing power to generate bitcoins (or similar) while you're viewing a webpage. When you leave the page, it stops.
We're going to be changing the way snapshots work soon to strip JavaScript and save fully static pages to Zotero, which should avoid this problem (and other JavaScript junk — interactive ads, etc.) in general.
Thanks for the info!
See: https://www.virustotal.com/gui/file/31b819377de193d2ff6e0fe48959edf1456288a02cb0f0ae312386b05b39336d/detection